A sneaky, and annoying virus - Page 2

techpro5238 · 06-13-2008, 10:56 PM

Step1 | Kasperky WebScanner

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Step2 | MBAM Scan

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step3 | MWav Virus Scan

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:

Memory
Startup Folders
Drive - All Local Drives
Folder - then click "browse" to change the directory to C: (default is C:\Windows)
Registry
System Folders
Services
Include Sub-Directory
Scan All Files

Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Logs Required In Next Post
--------------------------------

Kasperky Scan Log
MBAM Scan Log
MWav Scan Log

donaldj · 06-14-2008, 10:46 AM

Two hours later, it's only 15% done. (The kapersky thing)

Is there a problem?

Norton 360 Manager is running, but the Auto-Protect is turned off (along with almost everything else it can do... I can't turn them on... the virus maybe?)

donaldj · 06-14-2008, 11:32 AM

So... 1/3 isn't that bad.

Kapersky froze 18% in, and I didn't want to start a new one that would take half a day to complete.

Here's the log for MBAM:

----

Malwarebytes' Anti-Malware 1.17
Database version: 846

12:23:31 PM 14/06/2008
mbam-log-6-14-2008 (12-23-31).txt

Scan type: Quick Scan
Objects scanned: 43738
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Osiris Spyware Scanner.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

----

And the download link for MWav is broken.

Qué será, será.

UPDATE: I went to MicroWorlds site directly and navigated directly to the MWav download page... it's running right now.
UPDATE 2: I forgot to mention that MBAM couldn't update, said it couldn't connect to the internet.

Redmo0n · 06-14-2008, 12:45 PM

I would highly recommend uninstalling Norton and never paying for it again.

It is a complete waste of money and hogs up a lot of resources and will cause you to lag. There are many other Free anti - viruses out there that do Norton's job 300x better and do it without lagging your system.

I recommend getting AVG, Avast! or NOD32 if you want to pay for an anti virus.

techpro5238 · 06-14-2008, 06:59 PM

Get to me with the MWav scan when you can.

donaldj · 06-15-2008, 07:52 AM

17 Hours later.... The MWav log.

File C:\PROGRA~1\LogMeIn\RaMaint.exe tagged as "not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c". No Action Taken.
File C:\PROGRA~1\LogMeIn\RaMaint.exe tagged as "not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c". No Action Taken.
File C:\$Recycle.Bin\S-1-5-21-996078836-2659842850-2965911744-1001\$RROJHGQ.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\$Recycle.Bin\S-1-5-21-996078836-2659842850-2965911744-1001\$RWQ9MWU.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\$Recycle.Bin\S-1-5-21-996078836-2659842850-2965911744-1001\$RZG2M3A.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\OpenVPNbeta2.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\LogMeIn\ramaint.exe tagged as "not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c". No Action Taken.
File C:\Program Files\LogMeIn\update\x86__LogMeIn.dll tagged as "not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.f". No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\apojozyt.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\bpslzqvn.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\brlvbxhj.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\btrsetkt.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\bzifmwic.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\capilfvz.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\chgkrekd.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\clmhbfdy.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\cpricsxv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ecixqxri.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\eplrtuvr.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\eqasihsx.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\esggdbdy.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\fhmofkzx.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\flrkgmhl.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\frhgpvst.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ghuovarf.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\gqqflrtw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\gtiprgpy.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\henklhpa.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\hgvrjduq.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\hmeunzir.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\hmqrzrph.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\hvkslffv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\icldgfcd.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\iphlromf.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\iplafutq.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\iyzqdjdi.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\kjyknhko.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\kyowegli.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\lhhwqinu.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\lkjvkgoo.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\lksvhclv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\lvkixvak.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mdhcyzlb.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mlgvnygh.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mvatiocs.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mzjzttth.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mznmewpg.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ncvtiqfy.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\nfgdzleh.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\nyumrzyd.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\oaztfwtz.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ofjldulk.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\oouicxrb.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\oqfxsskn.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\pbbzyptw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\piikxnhn.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\pppibqfm.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\pwoocrue.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\qsdxioan.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\qzeqhpjv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\rabctlih.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\rafgvltg.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\rafqzhmh.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\rctownmz.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\seidzvzb.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\tcynavhh.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.

donaldj · 06-15-2008, 07:54 AM

File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\tphhnxlm.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\uaawcljx.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ujxnsdug.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\uqbosvxj.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vawokzhp.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vjetrbtv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vohiakep.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vpfnojhw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vvqipexi.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\wdttzzon.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\wyvedsbg.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\xcpgyerg.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\xerfwgjm.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\zovasyvn.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\zpebbbzw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\zqpnsvmw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ztaevxld.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\zztxxmow.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\Users\Donald\AppData\Roaming\GRETECH\GomPlayer\ GrLauncherTempSetup.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Users\Donald\Desktop II\daemon4121-lite.exe//stream//data0050 tagged as "not-a-virus:AdWare.Win32.Shopper.r". Action Taken: No Action Taken.
File C:\Users\Donald\Documents\My Downloads\tightvnc-1.3.9-setup.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Windows\FlyakiteOSX\Tools\wfpdisable.exe tagged as "not-a-virus:RiskTool.Win32.WFPDisabler.a". Action Taken: No Action Taken.
File C:\$Recycle.Bin\S-1-5-21-996078836-2659842850-2965911744-1001\$RROJHGQ.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\$Recycle.Bin\S-1-5-21-996078836-2659842850-2965911744-1001\$RWQ9MWU.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\$Recycle.Bin\S-1-5-21-996078836-2659842850-2965911744-1001\$RZG2M3A.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\OpenVPNbeta2.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\LogMeIn\ramaint.exe tagged as "not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c". No Action Taken.
File C:\Program Files\LogMeIn\update\x86__LogMeIn.dll tagged as "not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.f". No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\apojozyt.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\bpslzqvn.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\brlvbxhj.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\btrsetkt.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\bzifmwic.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\capilfvz.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\chgkrekd.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\clmhbfdy.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\cpricsxv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ecixqxri.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\eplrtuvr.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\eqasihsx.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\esggdbdy.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\fhmofkzx.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\flrkgmhl.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\frhgpvst.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ghuovarf.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\gqqflrtw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\gtiprgpy.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\henklhpa.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\hgvrjduq.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\hmeunzir.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\hmqrzrph.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\hvkslffv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\icldgfcd.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\iphlromf.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\iplafutq.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\iyzqdjdi.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\kjyknhko.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\kyowegli.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\lhhwqinu.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\lkjvkgoo.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\lksvhclv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\lvkixvak.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mdhcyzlb.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mlgvnygh.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mvatiocs.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mzjzttth.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\mznmewpg.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ncvtiqfy.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\nfgdzleh.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\nyumrzyd.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\oaztfwtz.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ofjldulk.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\oouicxrb.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\oqfxsskn.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\pbbzyptw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\piikxnhn.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\pppibqfm.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\pwoocrue.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\qsdxioan.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\qzeqhpjv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\rabctlih.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\rafgvltg.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\rafqzhmh.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\rctownmz.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\seidzvzb.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\tcynavhh.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\tphhnxlm.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\uaawcljx.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ujxnsdug.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\uqbosvxj.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vawokzhp.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vjetrbtv.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vohiakep.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vpfnojhw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\vvqipexi.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\wdttzzon.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\wyvedsbg.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\xcpgyerg.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\xerfwgjm.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\zovasyvn.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\zpebbbzw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\zqpnsvmw.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\ztaevxld.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\zztxxmow.exe infected by "Backdoor.Win32.Rbot.aea" Virus! Action Taken: No Action Taken.
File C:\Users\Donald\AppData\Roaming\GRETECH\GomPlayer\ GrLauncherTempSetup.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Users\Donald\Desktop II\daemon4121-lite.exe//stream//data0050 tagged as "not-a-virus:AdWare.Win32.Shopper.r". Action Taken: No Action Taken.
File C:\Users\Donald\Documents\My Downloads\tightvnc-1.3.9-setup.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Windows\FlyakiteOSX\Tools\wfpdisable.exe tagged as "not-a-virus:RiskTool.Win32.WFPDisabler.a". Action Taken: No Action Taken.

techpro5238 · 06-15-2008, 10:56 AM

Step1 | OTMoveIt2 Script

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:

[kill explorer]
C:\OpenVPNbeta2.exe
C:\Users\Donald\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
C:\Users\Donald\Desktop II\daemon4121-lite.exe
C:\Users\Donald\Documents\My Downloads\tightvnc-1.3.9-setup.exe
C:\Windows\FlyakiteOSX\Tools\wfpdisable.exe
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step2 | ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step3 | Resetting Restore Points

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Step4 | Questions

1. Can you please give some information about the folder:
"C:\Windows\FlyakiteOSX"?

2. Did you create this folder:
"C:\Users\Donald\Desktop II"

Logs Required In Next Post
------------------------------

OTMoveIt2 Log
Step 4 Answers

donaldj · 06-15-2008, 12:35 PM

1. The log:

Explorer killed successfully
C:\OpenVPNbeta2.exe moved successfully.
C:\Users\Donald\AppData\Roaming\GRETECH\GomPlayer\ GrLauncherTempSetup.exe moved successfully.
C:\Users\Donald\Desktop II\daemon4121-lite.exe moved successfully.
C:\Users\Donald\Documents\My Downloads\tightvnc-1.3.9-setup.exe moved successfully.
C:\Windows\FlyakiteOSX\Tools\wfpdisable.exe moved successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06152008_115858

2. All went well...

3. You gave me instructions for XP... In vista, when I opened the System Restore window, it told me "No restore points have been created on your computer's system disk"... I think I have it turned off... not sure...

4. FlyakiteOSX is a program (for XP) that makes your shell look like a mac. Sadly, I didn't notice it was for XP, isntalled it, and everything went crazy. I rebooted in safe mode, and thought I uninstalled it. All went back to normal, but I guess there are some reminants.

Desktop II is the place where I put all the stuff I download from the internet. Its a jumbled unorganized mess of stuff that I could probably delete, but am too lazy. Yes, I created it.

techpro5238 · 06-15-2008, 12:42 PM

Please wait for further instruction on how to reset your restore points

I am developing a instruction for it.

Member Login