Name: dyamond Date: April 21, 2007 at 07:37:20 Pacific Subject: Win32.Fontra.C HELP! OS: Windows ME CPU/Ram: 128 MB Model/Manufacturer: HP Pavilion XT914
Comment:
Ok i need help. The other day my pc started acting really slow, taking 5 mins to load IE (which never happens), so i know i have a virus. My virus scanner didnt pick it up but Kapersky and Trend-Micro's House Call did. The problem is i know exactly where the virus is BUT I CANT GET RID OF IT!!! its located in the C:\_RESTORE\TEMP files and i've tried cleaning them and deleting them, with NO success. I dont know what else to do! please help!
Here is a copy of what Kapersky found.
Thursday, April 19, 2007 4:05:02 PM Operating System: Microsoft Windows Millennium Edition Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 19/04/2007 Kaspersky Anti-Virus database records: 281762
Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true
Scan Target My Computer a:\ c:\ m:\
Scan Statistics Total number of scanned objects 36355 Number of viruses found 1 Number of infected objects 63 / 0 Number of suspicious objects 0 Duration of the scan process 00:55:54
Infected Object Name Virus Name Last Action c:\WINDOWS\TEMP\ZLT0257c.TMP Object is locked skipped
c:\WINDOWS\TEMP\~DF3425.TMP Object is locked skipped
c:\WINDOWS\Cookies\index.dat Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\WINDOWS\SchedLog.Txt Object is locked skipped
c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
c:\WINDOWS\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped
c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped
c:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
c:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
c:\WINDOWS\Internet Logs\HPPAV.ldb Object is locked skipped
Download and install AVG Anti-SpywareWe will need this later in safe mode
Be sure to update AVG Anti- Spyware
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.
In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Post the AVG log.
If you still have problems lease post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
ok, i downloaded ATF, but when i went to setup AVG it saidit couldnt set up because i needed windows 2000 at least (i have ME) should i continue with the steps but omit that part?
ok i ran ATF in safe mode but AVG still told me that i needed windows 2000 to run setup, so instead i ran hijackthis. Here is the log from that:
Logfile of HijackThis v1.99.1 Scan saved at 5:57:29 PM, on 4/22/2007 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html Click Accept When the updates are finished downloading, click Next, Scan Settings Under Scan using the following antivirus database:, select extended Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK Click My Computer and wait for the scan to finish Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.
yikes! it looks like i've ended up with more then i started with. i started with 1 and now kaspersky said they found 6. I have an anti-virus AND a firewall, how do i keep getting them? i've had this pc for 7 yrs (i know i need a new one lol) and i've never had this problem before, sigh.
i do really, really appreciate all the help you are giving me, thank you! (i must admit since hijackthis deleted those files you told me too IE has been loading faster!)
Here is kaspersky latest scan:
Monday, April 23, 2007 11:25:47 PM Operating System: Microsoft Windows Millennium Edition Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 24/04/2007 Kaspersky Anti-Virus database records: 301263
Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true
Scan Target My Computer a:\ c:\ m:\
Scan Statistics Total number of scanned objects 33072 Number of viruses found 6 Number of infected objects 69 / 0 Number of suspicious objects 0 Duration of the scan process 00:53:40
Infected Object Name Virus Name Last Action c:\WINDOWS\TEMP\ZLT07c83.TMP Object is locked skipped
c:\WINDOWS\TEMP\~DF85E8.TMP Object is locked skipped
c:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
c:\WINDOWS\Cookies\index.dat Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped
c:\Program Files\Verizon\SmartBridge\SmartBridge.log Object is locked skipped
c:\Program Files\Verizon\SmartBridge\AlertFilter.log Object is locked skipped
c:\Program Files\Verizon\SmartBridge\log\httpclient.log Object is locked skipped
Scan process completed.
And here is hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 11:34:52 PM, on 4/23/2007 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Click Start> Find> and then click Files Or Folders. In the Named box, type "downloaded program files" without the quotes, and then click Find Now. Double-click Downloaded Program Files, right-click this file "UWA7P_0001_N91M0809NetInstaller.exe" and then click Remove. exit the seach function.
Next purge "system restore". How to purge System Restore in Windows Me. Note: This will delete any previously created restore points.
Go to Start|Settings|Control Panel. Double-click 'System', then click on the Performance tab. Click 'File System' then click the Troubleshooting tab. Select 'Disable System Restore' and click 'Apply'. This disables System Restore. You should now immediately re-enable it.
Now deselect 'Disable System Restore' and click 'Apply'. Click 'Close', then click 'Close' again. Restart the computer.
Wednesday, April 25, 2007 8:14:29 PM Operating System: Microsoft Windows Millennium Edition Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 26/04/2007 Kaspersky Anti-Virus database records: 302303
Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true
Scan Target My Computer a:\ c:\ m:\
Scan Statistics Total number of scanned objects 28460 Number of viruses found 2 Number of infected objects 2 / 0 Number of suspicious objects 0 Duration of the scan process 00:50:10
Infected Object Name Virus Name Last Action c:\WINDOWS\TEMP\ZLT0609b.TMP Object is locked skipped
c:\WINDOWS\TEMP\~DF24E5.TMP Object is locked skipped
c:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
c:\WINDOWS\Cookies\index.dat Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\WINDOWS\SchedLog.Txt Object is locked skipped
c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
c:\WINDOWS\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped
c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped
c:\WINDOWS\History\History.IE5\MSHist012007042520070426\index.dat Object is locked skipped
c:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
c:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
c:\WINDOWS\Internet Logs\HPPAV.ldb Object is locked skipped
c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped
c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped
c:\Program Files\Verizon\SmartBridge\SmartBridge.log Object is locked skipped
c:\Program Files\Verizon\SmartBridge\AlertFilter.log Object is locked skipped
c:\Program Files\Verizon\SmartBridge\log\httpclient.log Object is locked skipped
c:\Program Files\Webshots\Collections\Webshots Scenic Sampler.wbc Object is locked skipped
c:\Program Files\Webshots\Collections\Flowers & Gardens - Roses.wbc Object is locked skipped
c:\Program Files\Webshots\Collections\Specialty - Bible Verses.wbc Object is locked skipped
c:\Program Files\Webshots\Collections\Nature Scenes - Oceans.wbc Object is locked skipped
c:\Program Files\Webshots\Collections\Skylines - Philly Skyline.wbc Object is locked skipped
c:\Program Files\Webshots\Collections\People - Pics.wbc Object is locked skipped
Scan process completed.
I looked in downloaded program files to delete UWA7P_0001_N91M0809NetInstaller.exe but it wasnt in there, so i did a search through the system for it (i thought maybe i looked in the wrong place) but the search was empty.
The information on Computing.Net is the opinions of its users. Such
opinions may not be accurate and they are to be used at your own risk.
Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net, LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE
