virus/spyware

  1. #11
    kewama is offline Newbie

    Re: virus/spyware

    I managed to install AVG anti spyware, but was unable to follow Neal's instruction because the infected computer will only start in safe mode. When I try to start in regular mode, it keeps on restarting continuously. I managed to run a regular scan with it, and it found 276 infected objects and I let it delete them. I also installed Spybot, Ad-aware, AVG Anti Virus. I ran scans with Ad-Aware & Spybot and deleted what they found, but I cannot get AVG Anti Virus to complete a scan. The last one I ran, it ran about half a scan and it locked the computer up. It scanned 16462 files and found 168 infected objects before it locked up. Most were identified as Win32/Virut.A. I tried an online virus scan from Trend Micro, but it locked the computer up as well. I tried AVG several times, but it repeatedly locked up about half a scan. I also installed Outpost firewall and it seems to be working, but not in safe mode. I am not on the infected computer now. I will keep trying to send a Hijack log file, but so far haven't been able to send one. Any ideas on how I might be able to run a Virus scan? How about a scan in DOS or something?

  2. #12
    kewama is offline Newbie
    Logfile of HijackThis v1.99.1
    Scan saved at 12:11:33 PM, on 10/27/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Google\ggviewer67-64.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.localnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LocalNet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.localnet.com/
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potg_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.accelerator.bellsouth.net...ad/tgctlcm.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://207.144.210.204/LNetCam.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147757538556
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yaho...bio5_1_3_0.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe (file missing)

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:48:59 AM 10/27/2006

    + Scan result:



    C:\Documents and Settings\All Users\Application Data\AutoSearch.dll -> Adware.AutoSearch : Ignored.
    C:\InstallerC.exe/AutoSearch.dll -> Adware.AutoSearch : Ignored.
    C:\WINNT\cfg32.exe -> Adware.BookedSpace : Ignored.
    C:\WINNT\cfg32a.exe -> Adware.BookedSpace : Ignored.
    C:\Program Files\Batty2\Batty2.dll -> Adware.CASClient : Ignored.
    C:\Program Files\Batty2\Batty2.exe -> Adware.CASClient : Ignored.
    C:\Program Files\CMFibula\CMFibula.exe -> Adware.CASClient : Ignored.
    C:\WINNT\system32\BattyRun2.dll -> Adware.CASClient : Ignored.
    C:\Program Files\Common Files\bcmaoqop\bbbetbsnsd\tocddnrdr.exe -> Adware.Gator : Ignored.
    C:\Program Files\Common Files\bcmaoqop\qaeepoat\eucfdoem.exe -> Adware.Gator : Ignored.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\X3ATAINZ\Installer[1].exe -> Adware.Look2Me : Ignored.
    C:\Installer4.exe -> Adware.Look2Me : Ignored.
    C:\Installer5.exe -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\BXOWSEUI.DLL -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\MZHTML.DLL -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\WISSVC.DLL -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\avtxprxy.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\aza0ledm1h0a.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\azasli5718.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\azau09j9e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\azau0e79eh.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\azaulih9184.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\azaulil918q.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\caosys.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\cviconfg.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ddound.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\djnaddr.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\dkwsock.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\dn0401dqe.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\dnnm0151e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\dtnmpntw.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\en0ul1d91.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\enrul1991.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\exent.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\f4l0le3m1h.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\f8j20i1oe8.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\fp0403dqe.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\fp0m03d1e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\fp2003fme.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\fpj2031oe.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\fpjo0313e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\fppm0371e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\fpr2039oe.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\g2lm0c31ef.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\h4n0le5m1h.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\i8600ijme8oa0.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\iGspipe.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ir2ol5f31.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ir46l5hs1.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ir4ol5h31.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ir62l5jo1.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ir88l5lu1.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\irl6l53s1.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\irnml5511.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\irnol5531.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\irrol5931.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\irrsl5971.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ium32.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\j02qlaf51d2.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\j4l40e3qeh.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\j8p00i7me8.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\jP2qlaf51d2.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\k026lafs1d26.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\k4080edueh080.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\kqdbene.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\l4j80e1ueh.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\l4n40e5qeh.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\l80ulid9180.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\l8p20i7oe8.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\lv0s09d7e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\lv6s09j7e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\lv6u09j9e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\lv8809lue.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\lvn4095qe.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\lvpu0979e.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\m028lafu1d28.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\m064lajq1doe.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\m0nqla551d.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\m2lslc371f.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\m4460ehseh460.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\m6460ghse6460.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\m828lifu1828.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\m8640ijqe8oe0.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\mfawt.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\mv00l9dm1.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\mv04l9dq1.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\mvj0l91m1.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\mvnol9531.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\mzisip.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\mzxml3.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\n4n60e5seh.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\n64s0gh7e64.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\n8p40i7qe8.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\nflanui2.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\nkwrsfi.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ntwrsfr.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\o066lajs1do6.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\o8ro0i93e8.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ortwa400.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\oxjsel.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\oymanage.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\p48q0el5ehq.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\p84ulih9184.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\p8n80i5ue8.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\q8psli7718.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\r68s0gl7e6q.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\rGsser.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\rdgwizc.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\rjamsp.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\ryutils.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\s088lalu1dq8.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\s4pu0e79eh.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\t68ulgl916q.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\t88ulil918q.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\tupmonui.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\wcfeman.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\wen87em.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\wodmps.dll -> Adware.Look2Me : Ignored.
    C:\WINNT\system32\wyhtcpip.dll -> Adware.Look2Me : Ignored.
    C:\warebundlenewer.exe -> Adware.Look2Me : Ignored.
    HKLM\SOFTWARE\Classes\WSG.WSGObj -> Adware.WebSearch : Ignored.
    HKLM\SOFTWARE\Classes\WSG.WSGObj\Clsid -> Adware.WebSearch : Ignored.
    C:\WINNT\taskshed.exe -> Backdoor.Aimbot.ae : Ignored.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4IBPMOMH\boat[1].exe -> Backdoor.Aimbot.eu : Ignored.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\X3ATAINZ\netapi[1].exe -> Backdoor.Rbot.bgs : Ignored.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\2CY86MWO\netapi[1].exe -> Backdoor.Sdbot : Ignored.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\T5JPB9M7\netapi[1].exe -> Backdoor.Sdbot : Ignored.
    C:\asus.exe -> Backdoor.Sdbot : Ignored.
    C:\dr.exe -> Downloader.Adload.ep : Ignored.
    C:\WINNT\srvgeggvba.exe -> Downloader.Dyfuca.ey : Ignored.
    C:\WINNT\srvyofbzqx.exe -> Downloader.Dyfuca.ey : Ignored.
    C:\installerwnusnewer.exe -> Downloader.Qoologic.at : Ignored.
    C:\WINNT\ms058328947172000.exe -> Downloader.VB.anl : Ignored.
    C:\WINNT\sys02717832894.exe -> Downloader.VB.anl : Ignored.
    C:\SS1001newer.exe -> Dropper.Small.qn : Ignored.
    C:\Documents and Settings\user\Desktop\TagASaurus.exe -> Hijacker.Small : Ignored.
    C:\WINNT\v1201.exe -> Hijacker.Small : Ignored.
    C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\AntiSpyware\quarantine\00000517.asw -> Hijacker.Small.jf : Ignored.
    C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\AntiSpyware\quarantine\00000518.asw -> Hijacker.Small.jf : Ignored.
    C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\AntiSpyware\quarantine\00000519.asw -> Hijacker.Small.jf : Ignored.
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\2CY86MWO\server[1].exe -> Logger.Agent.op : Ignored.
    C:\windows\autoexec.exe -> Logger.Agent.op : Ignored.
    C:\WINNT\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
    C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\AntiSpyware\quarantine\00000401.asw -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINNT\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINNT\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINNT\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\Documents and Settings\user\Cookies\user@2o7[1].txt -> TrackingCookie.2o7 : Ignored.
    C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
    C:\Documents and Settings\Default User\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Ignored.
    C:\Documents and Settings\Default User\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Ignored.
    C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\AntiSpyware\quarantine\0000050d.asw -> TrackingCookie.Yieldmanager : Ignored.
    C:\Program Files\Jpelbmd\Tvxfvo.exe -> Trojan.Small.cy : Ignored.
    C:\WINNT\uni_ehhhh.exe -> Trojan.VB.tg : Ignored.
    C:\WINNT\uninst104.exe -> Trojan.VB.tg : Ignored.


    ::Report end

  3. #13
    kewama is offline Newbie
    Log file sent. Also a copy of the scan results on AVG Anti spyware. Sorry I can't do better, but I am running in safe mode, putting up with the computer restarting on its own.

  4. #14
    VopThis is offline Senior Member (Canada)
    The available feedback from the AVG Anti-Spyware (AVG AS) scan tells me that Look2Me and other significant infections are seriously impacting your PC. Re-run AVG AS and put everything found into quarantine. You will then likely be able to get into Normal Mode and we can proceed from there.


    It may be possible that your infections are quick to drain memory and process integrity while other processes are trying to eradicate them. Scanning in shorter time frames may be a more appropriate and necessary strategy to consider.

    "Any ideas on how I might be able to run a Virus scan. How about a scan in DOS or something?"
    Try NOD32 for DOS: http://www.eset.com/download/index.php

    Furthermore, it may be necessary to initially scan very select FOLDERS such as (and possibly boot in between scans):

    C:\WINNT\System32\
    C:\Program Files\
    C:\WINNT\ (ever larger focus)
    C:\ (larger still)
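
The report layout from post #12 and the folder-by-folder scan order suggested in post #14, combined in an added Python example that is not part of any post in this thread: it parses `target -> Detection : Action.` lines, ranks what to deal with first, and counts findings per scan folder. The priority tiers, the quarantine-path check and all function names are assumptions of this example, not AVG's own ratings.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: a few lines in the layout of the report posted in this thread.
SAMPLE_REPORT = r"""
C:\WINNT\system32\BXOWSEUI.DLL -> Adware.Look2Me : Ignored.
C:\WINNT\system32\MZHTML.DLL -> Adware.Look2Me : Ignored.
C:\Installer4.exe -> Adware.Look2Me : Ignored.
HKLM\SOFTWARE\Classes\WSG.WSGObj -> Adware.WebSearch : Ignored.
C:\WINNT\taskshed.exe -> Backdoor.Aimbot.ae : Ignored.
C:\asus.exe -> Backdoor.Sdbot : Ignored.
C:\windows\autoexec.exe -> Logger.Agent.op : Ignored.
C:\Program Files\Jpelbmd\Tvxfvo.exe -> Trojan.Small.cy : Ignored.
C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\AntiSpyware\quarantine\00000517.asw -> Hijacker.Small.jf : Ignored.
C:\WINNT\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\Documents and Settings\user\Cookies\user@2o7[1].txt -> TrackingCookie.2o7 : Ignored.
::Report end
"""

# Folders in the order post #14 suggests scanning them (most specific first).
SCAN_ROOTS = ("C:\\WINNT\\System32\\", "C:\\Program Files\\", "C:\\WINNT\\", "C:\\")

# Assumed triage order for this example: lower number = handle first.
PRIORITY = {"Backdoor": 0, "Logger": 0, "Trojan": 0, "Dropper": 0,
            "Downloader": 1, "Hijacker": 1, "Adware": 2, "TrackingCookie": 3}

LINE_RE = re.compile(r"^(?P<target>.+?) -> (?P<detection>\S+) : (?P<action>[^.]+)\.$")

class Finding(NamedTuple):
    target: str
    detection: str
    category: str
    action: str

def parse_report(text):
    """Return one Finding per detection line; headers and '::Report end' are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        parts = m["detection"].split(".")
        if parts[0] == "Not-A-Virus" and len(parts) > 1:
            parts = parts[1:]  # classify by the component after the prefix
        findings.append(Finding(m["target"], m["detection"], parts[0], m["action"]))
    return findings

def scan_root(target):
    """Most specific staged-scan folder containing target; None for registry keys."""
    low = target.lower()
    matches = [r for r in SCAN_ROOTS if low.startswith(r.lower())]
    return max(matches, key=len) if matches else None

def triage(findings):
    """Drop copies already held in another tool's quarantine folder (assumed inert),
    then order by PRIORITY; unknown categories sort first so they get looked at."""
    live = [f for f in findings if "\\quarantine\\" not in f.target.lower()]
    return sorted(live, key=lambda f: (PRIORITY.get(f.category, 0), f.target.lower()))

def summarize(findings):
    return {
        "by_category": Counter(f.category for f in findings),
        "by_root": Counter(scan_root(f.target) for f in findings),
        "not_quarantined": sum(1 for f in findings if f.action == "Ignored"),
    }

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for f in triage(found):
        print(f.category, f.detection, f.target, sep=" | ")
```

Saving the full report to a text file and passing its contents to `parse_report` gives the same breakdown for every line of the real scan.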

  5. #15
    kewama is offline Newbie
    I kept running AVG Antispyware until it quarantined all it found. Then I ran AVG Anti-Virus and the first scan found 1015 infected objects, but only removed 4 of them. I ran it again and it found 1011, but could not remove any of them. All of this was in safe mode, since I still cannot boot up in Normal mode. 99.9% of what it found was Win32/Virut.A virus. What's wrong with AVG that it cannot remove them? Is it incorrect settings? I have looked, but cannot locate a place to change settings. I found in Test Results, if you highlight an object, it gives you the option of moving to vault. Is this a safe and correct way to eliminate them?

  6. #16
    VopThis is offline Senior Member (Canada)
    The named virus (Win32/Virut.a) does not infect an existing file - the file is the virus and must be put in the vault or deleted. AVG is trying to clean a file that can't be cleaned and fails accordingly by default.



    See if the following helps explain this:

    http://forum.grisoft.cz/freeforum/re...ackpage=20,sv=
    removing all of the infection means there is no file left, these also can't be healed.. only quarantined into the vault or deleted

    Try another AV tool if your issues fail to be addressed.

  7. #17
    kewama is offline Newbie
    The computer has finally died. It won't boot up now in safe mode or normal. I need a restore disk to restore it to factory condition. Any ideas where I can get one?

  8. #18
    VopThis is offline Senior Member (Canada)
    Is your PC from a 'branded' maker such as HP, Dell, Toshiba, etc. and/or preferably does your PC BOX or documentation have a proof for 'Certificate of Authenticity' for NT/2K O/S?
    Last edited by VopThis; 30-10-2006 at 07:09 PM.

  9. #19
    kewama is offline Newbie
    The computer is not a brand name computer. The computer was given to me because it didn't work and I thought I might be able to get it running, since I suspected it was infected. There was no documentation, nothing except the box. I did notice when it was up and running that there were several updates from Microsoft and I did try to update from Microsoft, but was unable to since it would run only in safe mode with networking or safe mode, and wouldn't let me update. There is no sticker, labels or anything on box.

  10. #20
    VopThis is offline Senior Member (Canada)
    You will probably need to take it to a shop to assess your options. Sounds like you may need a new drive. If the hardware is recent enough, you could consider waiting for the latest XP O/S replacement - Vista, expected due out in January 2007.
