![]() ![]() * Click the Free Trial link under "Downloads/SpySweeper" to download the program. Please download WebRoot SpySweeper from HERE (It's a 2 week trial): Spyware:Cookie/Com.com Not disinfected C:\Documents and Not disinfected C:\Documents and Not disinfected C:\Documents and Not disinfected C:\Documents and Not disinfected C:\Documents and Not disinfected C:\Documents and Disinfected C:\Documents and Settings\Linda1\Local Settings\Temp\r.batĬ:\Documents and Settings\Linda1\Local Settings\Temp\wmgrm.exe Ĭ:\Documents and Settings\Linda1\Local Settings\Temporary Internet Files\Content.IE5\120TB17F\pecmorprep.exe Hacktool:rootkit/fu.a Not disinfected HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSDIRECTX ![]() O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe O23 - Service: CAISafe - Computer Associates International, Inc. O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing) O2 - BHO: Google Toolbar Helper - (ActiveScan Installer Class). R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSIE: Internet Explorer v6.00 SP1 (.1106)Ĭ:\Program Files\CA\eTrust Vet Antivirus\ISafe.exeĬ:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exeĬ:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exeĬ:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeĬ:\DOCUME~1\Linda1\LOCALS~1\Temp\wmgrm.exeĬ:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exeĬ:\Program Files\Internet Explorer\IEXPLORE.EXE Post another hijack this log and the active scan logs Make a note of the file location of anything that cannot be deleted so you When the scan is finished, anything that it cannot clean have it delete it. Unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveXĬontrols not marked as safe" to 'disable'. In the ActiveX section, set the first two options (Download signed and Go to Internet Options - Security - Internet, press 'default level', then OK. Make sure your ActiveX controls are set as follows: Run a few online scan here and post the logs from both of them! Where does e-trust say they are, what is there exact location! Don't click fix on anything in hijack this Click scan and save a logfile, then post it here so (Help me obi-wan kenobi, you're my only hope) ((not that I'm implying i'm princess leia))ĭownload hijack this from the link below.Please do this. the files associated with Efewe.B is msdirectx.sys in the C:\\ folder (yes that is right double slash) the Trykid is a.bat and Hostblock is b.bat. Vet reports that it deletes the infected files however they keep coming back. I've run Adaware, ewido anti-malware, Spyware Doctor and of course Vet antivirus and still no luck in getting rid of the trio. I suspected it might have been part of the problem, but when I rebooted, Vet reported the same problems. I ran msconfig.exe and on the Startup tab, unchecked a program called wmgrm.exe (that was located in the Temp folder of the current Windows user. I've tried looking in several forums, Vet website and with no luck found nothing. Vet pops up a dialog box with those viruses on it every time I boot the computer. I'm running Windows 2000 with service pack 4 on an old Pentium III.ĮTrust Vet Antivirus reports the following:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |