
nod 32 virus threat keeps popping up

Name: worx
Date: May 1, 2006 at 19:47:42 Pacific
OS: xp pro
CPU/Ram: amd xp 1900+ / 512 ddr
Comment:

I have run a full nod 32 virus system scan, ad aware, and spy bot scan, but I keep getting this pop up message from nod 32. Any other ways to get rid of the virus? It says it's probably a variant of Win32/Hoax.Renos application. Here is a screen shot of the nod 32 threat pop up I keep getting: http://s36.photobucket.com/albums/e39/worx54/?action=view&current=virusthreat.jpg




Response Number 1
Name: worx
Date: May 1, 2006 at 19:49:51 Pacific
Reply:

http://i36.photobucket.com/albums/e39/worx54/virusthreat.jpg


0

Response Number 2
Name: jabuck
Date: May 1, 2006 at 20:04:17 Pacific
Reply:

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.


0

Response Number 3
Name: worx
Date: May 2, 2006 at 14:28:36 Pacific
Reply:

log of kaspersky:

---------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 02, 2006 7:12:00 AM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 2/05/2006
Kaspersky Anti-Virus database records: 191009
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 139809
Number of viruses found: 24
Number of infected objects: 57
Number of suspicious objects: 0
Duration of the scan process: 01:57:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Documents\hl1110.exe/WISE0025.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
C:\Documents and Settings\All Users\Documents\hl1110.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe/data0002/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe/data0002 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe NSIS: infected - 3 skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe/data0002/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe/data0002 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe NSIS: infected - 3 skipped
C:\Documents and Settings\Tuan Phan\My Documents\SOFTWARE-ZIPFROMSIT PROGRAMZ\pcspy-v2.31.exe/data0002 Infected: Trojan-Spy.Win32.PCspy.b skipped
C:\Documents and Settings\Tuan Phan\My Documents\SOFTWARE-ZIPFROMSIT PROGRAMZ\pcspy-v2.31.exe/data0003 Infected: Trojan-Spy.Win32.PCspy.b skipped
C:\Documents and Settings\Tuan Phan\My Documents\SOFTWARE-ZIPFROMSIT PROGRAMZ\pcspy-v2.31.exe Inno: infected - 2 skipped
C:\Documents and Settings\Vu\Local Settings\Temp\THI1EED.tmp\wsebate0.exe/data0121 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Vu\Local Settings\Temp\THI1EED.tmp\wsebate0.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Vu\My Documents\game files\hl1110.exe/WISE0025.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
C:\Documents and Settings\Vu\My Documents\game files\hl1110.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Vu\My Documents\heavnly\HeavenlyS\Heavenly.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\ESET\cache\FND0.NFI/run.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\Program Files\ESET\cache\FND0.NFI ZIP: infected - 1 skipped
C:\Program Files\ESET\cache\FND0.NFI PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\RJSQEWBA.NQF/data.rar/MegaUpload_Alexa_ToolBar/AlexaInstaller_megaupload-20.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\Program Files\ESET\infected\RJSQEWBA.NQF/data.rar/MegaUpload_Alexa_ToolBar/AlexaInstaller_megaupload-20.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\Program Files\ESET\infected\RJSQEWBA.NQF/data.rar/MegaUpload_Alexa_ToolBar/AlexaInstaller_megaupload-20.exe/stream Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\Program Files\ESET\infected\RJSQEWBA.NQF/data.rar/MegaUpload_Alexa_ToolBar/AlexaInstaller_megaupload-20.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\Program Files\ESET\infected\RJSQEWBA.NQF/data.rar Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\Program Files\ESET\infected\RJSQEWBA.NQF RarSFX: infected - 5 skipped
C:\Program Files\ESET\infected\RJSQEWBA.NQF PE-Crypt.XorPE: infected - 5 skipped
C:\Program Files\ESET\infected\V0FMQBBA.NQF Infected: Trojan.Win32.Agent.qt skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0012 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0013/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0013/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0013 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0014 Infected: not-a-virus:AdWare.Win32.DownloadWare.a skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0022/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0022/bdeclean.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1100 skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe/data0024 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\k lite foler\linh's music\kmd171_en.exe Inno: infected - 14 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Navnt\Quarantine\0F280000.VBN Infected: Trojan.Win32.Delf.cj skipped
C:\Program Files\Navnt\Quarantine\0F280001.VBN Infected: Trojan.Win32.Delf.cj skipped
C:\System Volume Information\_restore{11FB07F0-D1C8-4F69-BB10-454CB99ADA09}\RP636\A0135429.exe/data0005 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{11FB07F0-D1C8-4F69-BB10-454CB99ADA09}\RP636\A0135429.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{11FB07F0-D1C8-4F69-BB10-454CB99ADA09}\RP650\A0137144.exe Infected: Trojan-Downloader.Win32.Zlob.mw skipped
C:\System Volume Information\_restore{CCC49CCE-B6F6-485A-8A03-33E85F063931}\RP3\A0005380.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{CCC49CCE-B6F6-485A-8A03-33E85F063931}\RP3\A0005388.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{CCC49CCE-B6F6-485A-8A03-33E85F063931}\RP3\A0005391.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\WINDOS2\system32\ld813F.tmp Infected: Trojan-Downloader.Win32.Zlob.mv skipped
C:\WINDOS2\system32\regperf.exe Infected: Trojan-Downloader.Win32.Zlob.mv skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1018.dll Infected: not-a-virus:AdWare.Win32.Gator.1018 skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1018.dll Infected: not-a-virus:AdWare.Win32.Gator.1018 skipped

Scan process completed.


0

Response Number 4
Name: jabuck
Date: May 2, 2006 at 14:58:54 Pacific
Reply:

You are probably working on it, but we need the Hijack This log before we get started.

Also we will need some other tools but please post the HT log before downloading them.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. We will need this later in safe mode.

Download killbox to your desktop from this link: Killbox. We will need it later in safe mode.


0

Response Number 5
Name: worx
Date: May 2, 2006 at 15:16:10 Pacific
Reply:

hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:38:09 PM, on 5/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOS2\System32\smss.exe
C:\WINDOS2\system32\winlogon.exe
C:\WINDOS2\system32\services.exe
C:\WINDOS2\system32\lsass.exe
C:\WINDOS2\system32\svchost.exe
C:\WINDOS2\System32\svchost.exe
C:\WINDOS2\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOS2\System32\nvsvc32.exe
C:\WINDOS2\System32\tcpsvcs.exe
C:\WINDOS2\System32\svchost.exe
C:\WINDOS2\system32\ZoneLabs\vsmon.exe
C:\WINDOS2\Explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOS2\System32\wuauclt.exe
C:\WINDOS2\System32\dcomcfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOS2\System32\hp99A6.tmp
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOS2\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOS2\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOS2\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [EPSON Stylus C60 Series (Copy 1)] C:\WINDOS2\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe /A "C:\WINDOS2\System32\E_S14F.tmp"
O4 - HKCU\..\Run: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOS2\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29beda34071aeac56305/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130191383831
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fredmeyer.digitalcameradeveloping.com/upload/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4576/mcfscan.cab
O20 - Winlogon Notify: winaje32 - winaje32.dll (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOS2\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOS2\system32\ZoneLabs\vsmon.exe



0




Response Number 6
Name: worx
Date: May 2, 2006 at 15:26:19 Pacific
Reply:

k, I downloaded those 3 programs for safemode.


0

Response Number 7
Name: jabuck
Date: May 2, 2006 at 16:04:56 Pacific
Reply:

You have smitrim or spywarequake, go to the link and run through their removal procedure: Spyquake Removal

After you finish there and have the tools in response #4 downloaded, reboot the computer into safe mode by following the directions at this link if you need them: Safe Mode

Go to start>control panel>add/remove programs and look for "savenow or mywaysearch" and uninstall them if found.

From safe mode run Hijack This, close all windows except HT, place a check to the left of the following items and press "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOS2\System32\hp99A6.tmp

O4 - HKLM\..\Run: [System Kernal Support] system.exe

O4 - HKLM\..\RunServices: [System Kernal Support] system.exe

O4 - HKCU\..\Run: [System Kernal Support] system.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29beda34071aeac56305/netzip/RdxIE601.cab

O20 - Winlogon Notify: winaje32 - winaje32.dll (file missing)

Run Ewido from safe mode and let it delete all that it finds.

Run ATF-Cleaner. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.

C:\Windows\System32\system.exe

C:\WINDOS2\system32\regperf.exe

C:\WINDOS2\system32\ld813F.tmp


Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

While still in safe mode navigate to and delete these files/folders if found:

C:\WINDOWS\Downloaded Program Files\CONFLICT.2

C:\WINDOWS\Downloaded Program Files\CONFLICT.1

Reboot into normal mode and purge the system restore folder. For instructions on how to purge system restore click Here

Post a new kaspersky scan and a new HT log.


0
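Added example, not part of any poster's reply and not code from the tools named in this thread: a Python sketch that sorts detection lines from the Kaspersky report in Response 3 by where the flagged file sits (another scanner's own storage, a System Restore snapshot, or a path in normal use) and by whether the name carries the `not-a-virus:` prefix. The path rules and category names are assumptions of this example; the report lines are an excerpt copied from the thread.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky report posted in Response 3 (copied from the thread).
REPORT = r"""
C:\Documents and Settings\Vu\My Documents\game files\hl1110.exe/WISE0025.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
C:\Documents and Settings\Vu\My Documents\game files\hl1110.exe WiseSFX: infected - 1 skipped
C:\Program Files\ESET\cache\FND0.NFI/run.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\Program Files\ESET\infected\V0FMQBBA.NQF Infected: Trojan.Win32.Agent.qt skipped
C:\Program Files\Navnt\Quarantine\0F280000.VBN Infected: Trojan.Win32.Delf.cj skipped
C:\System Volume Information\_restore{11FB07F0-D1C8-4F69-BB10-454CB99ADA09}\RP650\A0137144.exe Infected: Trojan-Downloader.Win32.Zlob.mw skipped
C:\WINDOS2\system32\ld813F.tmp Infected: Trojan-Downloader.Win32.Zlob.mv skipped
C:\WINDOS2\system32\regperf.exe Infected: Trojan-Downloader.Win32.Zlob.mv skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1018.dll Infected: not-a-virus:AdWare.Win32.Gator.1018 skipped
"""

# "<object> Infected: <detection name> <last action>"; the object path may
# contain spaces, so match lazily up to the literal " Infected: " separator.
DETECTION = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")

# Assumption of this example: path fragments that mark a scanner's own
# storage or a System Restore snapshot rather than a file in normal use.
AV_STORE = ("\\eset\\infected\\", "\\eset\\cache\\", "\\quarantine\\")
RESTORE = "\\system volume information\\_restore"


def location(disk_file):
    """Classify the on-disk file by where it is stored."""
    p = disk_file.lower()
    if any(marker in p for marker in AV_STORE):
        return "av_store"
    if RESTORE in p:
        return "system_restore"
    return "live"


def triage(report):
    """Map (location, kind) -> {on-disk file: set of detection names}."""
    buckets = defaultdict(lambda: defaultdict(set))
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # blank lines and "<packer>: infected - N" summaries
        # Kaspersky writes archive members after "/"; the file that actually
        # exists on disk is the part before the first "/".
        disk_file = m["obj"].split("/", 1)[0]
        name = m["name"]
        kind = "not_a_virus" if name.startswith("not-a-virus:") else "malware"
        buckets[(location(disk_file), kind)][disk_file].add(name)
    return buckets


def live_malware(report):
    """On-disk files outside AV storage and System Restore with a malware-class name."""
    return sorted(triage(report)[("live", "malware")])


if __name__ == "__main__":
    for (loc, kind), files in sorted(triage(REPORT).items()):
        print(f"{loc:15} {kind:12} {len(files)} file(s)")
        for path, names in sorted(files.items()):
            print(f"    {path}  [{', '.join(sorted(names))}]")
```

Run against the full saved report, the same grouping shows how many of the 57 infected objects sit in another scanner's storage or in System Restore snapshots rather than in a live path.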

Response Number 8
Name: worx
Date: May 2, 2006 at 19:01:38 Pacific
Reply:

Step 4. Doesn't work.... it said Download failure: A connection with the server could not be established. And it didn't download what it was supposed to.


0

Response Number 9
Name: jabuck
Date: May 2, 2006 at 19:26:26 Pacific
Reply:

Which one didn't download, I don't know what step#4 is.


0

Response Number 10
Name: worx
Date: May 2, 2006 at 19:59:39 Pacific
Reply:

step 4 in the Spyquake Removal instructions


0

Response Number 11
Name: jabuck
Date: May 2, 2006 at 20:12:27 Pacific
Reply:

Scroll down the page until you see the "manual removal instructions" (written in blue) and start there. Or just double click "manual removal" also written in blue and it will take you to the instructions.

The automated link is not up-to-date.



0

Response Number 12
Name: jabuck
Date: May 3, 2006 at 03:58:05 Pacific
Reply:

If you still are having trouble with that link try it this way.

Please download smitRem.zip and save it to your desktop from this link http://noahdfear.geekstogo.com/smitRem.exe

Open the file and it will extract itself to a new folder called SmitRem. Do Not Run it Yet

Download Killbox from this link: Killbox. We will need it in safe mode later.

Download FixSQ.zip from this link http://castlecops.com/zx/flrman1/FixSQ.zip and save it to your desktop.
Unzip it to extract the FixSF.reg file it contains.

Reboot into safe mode by following the directions Here.

Go to Add/Remove programs and uninstall SpywareQuake if it is there. Do not restart your computer if it asks you to do so.

Double-click on the FixSQ.reg file to add it to the registry.
Answer yes to confirm the merge.

Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

C:\WINDOWS\system32\stickrep.dll

C:\Program Files\SpywareQuake


Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.
Exit the Killbox.

While still in safe mode open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again, this is normal.
Wait for the tool to complete and Disk Cleanup to finish, this may take a while; please be patient

Run Ewido from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.

Please reboot into normal mode and post the ewido log and a new HT log.


0

Response Number 13
Name: Leon Z
Date: June 26, 2006 at 14:36:56 Pacific
Reply:

The same thing keeps happening to me. Should I post my HijackThis log?


0
