Avast WEBforum

Other => Viruses and worms => Topic started by: HibikiKano on January 05, 2008, 10:46:06 PM

Title: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 05, 2008, 10:46:06 PM
Alright, luckily I have access to another computer to figure out how to fix my comp.

:-[ I'm ashamed to say that I do not have any protection software on at the moment except Ad-Aware. I did download Avast from this borrowed comp but am not sure if it's safe to transfer to my regular comp, or whether I should send it over a USB in safe mode or in normal mode. I do not want to corrupt Avast upon install.

I first got suspicious of it half an hour ago when I noticed, while browsing in My Computer, that about a dozen or so files had appeared since the last time I passed that folder (between the two checks it was 5 minutes, no more).
Files that appeared:
1:
E:\sqmdata00.sqm (all the numbers from 00 to 19) E:\sqmdata19.sqm
E:\sqmnoopt00.sqm (again all the files ranging from -00.sqm to -19.sqm)
(note that my E:\ is what is normally C:\ on normal computers ... it's complicated to explain why, just trust me on this one :P)

2:
I noticed that my computer started going ridiculously slow and pressed CTRL ALT DEL to see the processes that clogged my comp. But all I got was a warning "Task manager has been disabled by your administrator", allowing only an OK button to close it ... and I am the administrator and did no such thing (although there are 3 other accounts (all family), no one except me uses this computer).

Note: After it got this far I immediately unplugged my internet cable, knowing I had probably got into a mess here.

I ran my Ad-Aware while downloading Avast on my other comp since it's the only diagnostic tool I have (I use only Firefox with strong limitations and blockers and have a strong firewall on my router :'( so I didn't see the point in having any antivirus on).

Soon after that I got a very odd message from my computer:

---"Spyware Alert
Security Warning!

Worm.Win32.NetSky detected on your macine. This is a virus distribute via the Internet through e-mail and Active-X objects. The worm has its own SMTP engine with means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer stealing passwords and personal data.
This process should be removed from your system.
Type: Virus
System affected: Windows 2000, NT, Me, XP, Vista
Security Risk (0-5): 5
Recomentations: Click yes to remove it from your PC immediately"---

PS: I am not very good at English, it being only my 2nd foreign language, but I think recomentations should have a double m in it.

I found it very odd since it had a strange symbol in my taskbar (red circle with a cross in it) and it was impossible to close via ALT+F4, and right-clicking it only allowed the Move option, which made me doubt it. And I did nothing, not clicking Yes or No.

A few moments after that it opened an Explorer window (luckily I had unplugged the cable) so it asked me to connect or work offline. If I press Work Offline I see for a very, very brief moment at the top of the Explorer window a res\\windows\system (I forgot exactly what because it flashed too fast; I will try to photograph it and send the picture; it was another file in s though).
The page then goes to http://www.safnenvweb.com/index.php?sid=502&said=0&pn=5&aid=454&pid=0
I also noticed that my Explorer has some odd tools installed: The ensfolr (remove popups, scan spyware, security test, spam protection). (I never use Internet Explorer and I also never added any tools to it ever.)

After another moment I noticed that on my desktop 3 new icons had appeared, 2 of them very neatly done if I may add. (In Properties all 3 are Internet shortcuts, 4 KB size on disk and about 270 B in size.)
Error Cleaner (URL: http://viruswebprotect.com/shandler.php?sid=502&said=0&pn=5&aid=454&sg=1)
Spyware&Protection (URL: http://viruswebprotect.com/shandler.php?sid=502&said=0&pn=5&aid=454&sg=2)
Privacy Protector (URL: http://viruswebprotect.com/shandler.php?sid=502&said=0&pn=5&aid=454&sg=0)

My desktop wallpaper is still the same though, and the other icons on my desktop are OK.

Just now I also got a Windows Security Alert:
"Windows has detected an Internet atack attempt...
Somebody's trying to infect your PC with spyware or harmfull viruses. Run full system scan now to protect your PC from internet attacks,hijacking attempts and spyware. Click here to download spyware remover for total protection."
This one can actually be closed, but I have not done that so far.

I also noticed that my computer keeps automatically jumping from one window to the other, as if using ALT+TAB all the time, and windows flash as if something new happened on them while they were minimised. And my computer is going impossibly slow right now, taking forever to enter a folder.

My Ad-Aware found a few slightly insignificant trackers and a reg key (still wondering about Avast, how to install it safely). Reg key: HKEY_USERS:S-1-5-21-1993962763-842925246-1957994488-1003\software\microsoft\windows\currentversion\policies\system"DisableTaskMgr"()

(Should I quarantine the things Ad-Aware found, or delete them, or leave them alone for further study with better programs? Also, should I turn off my infected and now internetless computer?)

Can you please help :-\ I have way, way too much studying material and college things on this computer to format everything and reinstall everything.

Help pweety pweety please with lots of sugar on top and a marshmallow and pickles :-\

-Hibiki
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 05, 2008, 11:20:52 PM
Hi HibikiKano,

First give this computer a good AV scan; download DrWeb CureIt from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
Give it a whirl, and see what it finds with a full scan.
Report what it has found.
Because you also have other malware problems, do a full Hitman Pro scan from www.hitmanpro.nl; this is a shell program consisting of multiple anti-malware programs against viruses, spyware, adware, rootkits etc. After installation the program is started automatically; click and tag "Controleren van updates", which means "Check for updates", and let the program download all the updates (sometimes you have to restart a few times to update all), then via Start have all of your computer scanned. The total scan can take quite some time; click the option "Gevaren automatisch verwijderen", which means in English "Delete dangers automatically", so the malware is deleted immediately. Sometimes during the routine other software is downloaded that is needed for further cleansing, and sometimes you have to accept a licence; click "Ja" = "Yes" for all instances, and let Hitman Pro have its way. It is used by professional cleaners of malware in The Netherlands and South Africa, and is among the best multi anti-malware programs I know of.
After this has done what it should do, post a HijackThis logfile here,

polonus

Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 05, 2008, 11:25:55 PM
Um ... I know it's a very, very noobish request T.T but can I have a safe link to HijackThis? This is my father's comp and I don't want to mess this one up the same way I messed mine (yes, I went to an unsafe link ... I thought the Firefox + router firewall would block everything).

And should I run those programs from safe mode or normal?

Thank you

Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 05, 2008, 11:31:47 PM
Hi, the safe link is in Firefox with the NoScript add-on activated, and download from here:
http://www.spychecker.com/download/download_hijackthis.html

Sometimes an HJT log txt is longer than fits in 1 post; use more than 1 then.

And then print the instructions of the above posting out, and do exactly as I told you, and your father will be proud of you, nihon iti!

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 12:26:14 AM
Sorry, Hitman Pro is taking ages :-[ I kinda have a lot of data on. I did notice though that it attacked my Explorer, so my computer was ultra slow until I found it out and disabled Explorer altogether. :-\
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 12:34:23 AM
Hi HibikiKano,

Can't you post a hijackthis log just to see what is making your computer that slow?

You can also do a scan with this scanner:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 12:58:45 AM
It is going pretty well now, Hitman is already at the Ewido one so I guess it won't take long anymore. I just have to do everything with my Explorer killed; I noticed that every 5 minutes it spiked up and used 99% of my comp. So I hope that Ewido won't take too long and that I can send the HJT log today ^^; does HJT take long?
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: oldman on January 07, 2008, 01:21:14 AM
Just popping in to comment on "sqmdata00.sqm": Windows Live Messenger data files :)

HJT runs in seconds.

out the door I go.  :D
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 02:20:41 AM
._. .... they are??
Come to think of it, I really DID download something from my friend over Live Messenger and it really DID act a little awkward during the download, and it was all 10 minutes before the whole computer dying scene started :-\
I never did like that new Live Messenger, come to think of it.

I will send all the logfiles first thing in the morning. ^^; I'm very sorry to keep you waiting so long for them.
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 08:15:43 AM
Alright, here are the logs :-\ For now things run smooth on my comp and it was running idle for an hour without anything strange happening. So for now thank you a lot ^^

I added the Ad-Aware log too; I ran that a little before I ran Hitman.
My brother advised me to use Trinity Rescue Kit and BackTrack; both are live CDs. Can I get any comments on those please?

Oh, I read somewhere here about the hiberfil.sys and I noticed that mine is over 500 MB by now. And this is a desktop machine so I don't really use hibernation. And I can't find that topic again on how to delete it :P Is going to your Power Options and disabling hibernation and then just deleting it enough?
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 02:16:46 PM
Hi HibikiKano,

Now first download ATF Cleaner from here: http://www.atribune.org/ccount/click.php?id=1
Choose Select All, tag it, click "Empty Selected", and that is all your temp files cleaned.

HitmanPro cleansed and protected your OS, and found various tracking cookies;
pressing the Control+Shift+Delete keys at once in Firefox clears Private Data (a.o. cookies);

There are still things in your HijackThis log that point at a spyware infection: ensfolr.dll.
So we are going to clear that from your computer with the SmitfraudFix tool.

Please download SmitfraudFix (by S!Ri) to your Desktop.
Download this tool from: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double-click Smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply as an attachment.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool";
it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


polonus


P.S. Trinity Rescue Kit is good freeware, but is too heavy artillery for your spyware problem;
it needs expert guidance and is a means of last resort,

Damian
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 05:31:14 PM
Alright, I got this from it :-\

I am also sending today's HijackThis log.
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 08:06:14 PM
Hi HibikiKano,

Please download the OTMoveIt by OldTimer from: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    * Save it to your desktop.
    * Please double-click OTMoveIt2.exe to run it.
    * Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\bklgvsf.dll
      C:\WINDOWS\ampkfst.dll
     

    * Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    * Click the red Moveit! button.
    * Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    * Close OTMoveIt


*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

Then we return to SmitfraudFix again:
Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    * Select the first option, to run Windows in Safe Mode, then press "Enter".
    * Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe again.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report along with all others into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : Running option #2 on a non-infected computer will remove your Desktop background.

polonus

Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 09:22:46 PM
Hi, I'm posting the MoveIt log first before restarting.

DllUnregisterServer procedure not found in E:\WINDOWS\bklgvsf.dll
E:\WINDOWS\bklgvsf.dll NOT unregistered.
E:\WINDOWS\bklgvsf.dll moved successfully.
DllUnregisterServer procedure not found in E:\WINDOWS\ampkfst.dll
E:\WINDOWS\ampkfst.dll NOT unregistered.
E:\WINDOWS\ampkfst.dll moved successfully.
 
OTMoveIt2 v1.0.5 log created on 01072008_210705

On a side note :-\ my desktop background is normal. And I kinda like it since I made it myself, so is it safe to make a copy of it?
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 09:44:56 PM
Hi HibikiKano,

Post a new HJT log; maybe all is OK and your comp is clean now. Make a copy of your desktop background, that is OK. We still have to unregister these DLLs.

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 10:01:21 PM
Alright, this is what I got out of it. My desktop is gone like you said it would be. And so far it seems alright.
Except I checked my Internet Explorer and I still have the Ensfolr toolbar there o_o
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 10:16:47 PM
Hmm, but what did you mean with unregister those DLLs? :-\
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 10:20:20 PM
Hi HibikiKano,

We are going to clean them now with HijackThis; this is what it means.
So start HijackThis, tag the following two lines:

O21 - SSODL: ampkfst - {7E7515E4-E1AC-4B88-94BA-FD8790CF1354} - E:\WINDOWS\ampkfst.dll (file missing)
O21 - SSODL: bklgvsf - {04AFF8EB-AF95-4DAD-98AA-E02010A02598} - E:\WINDOWS\bklgvsf.dll (file missing)

Then press Enter, and that is it,

polonus

Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 10:43:08 PM
You mean Fix checked?

Sorry for the late reply, I had to eat something.
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 10:47:42 PM
Hi HibikiKano,

That is what I meant, only these two lines:
O21 - SSODL: ampkfst - {7E7515E4-E1AC-4B88-94BA-FD8790CF1354} - E:\WINDOWS\ampkfst.dll (file missing)
O21 - SSODL: bklgvsf - {04AFF8EB-AF95-4DAD-98AA-E02010A02598} - E:\WINDOWS\bklgvsf.dll (file missing)

That must have rid you of the ensfolr toolbar malware.

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 10:49:46 PM
OK, now do I reboot and send a new HijackThis log?
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 10:52:44 PM
Hi HibikiKano,

Hai. That is yes. はい

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 11:05:04 PM
Teehee, thanks, I knew that; I had some basic Japanese :-[ but can't study it further here.

Um, here is the new logfile but ensfolr is still there.

Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 11:10:05 PM
Hi HibikiKano,

That one we are going to kill with ToolbarCop; download it from here:
http://www.majorgeeks.com/download4126.html
In ToolbarCop fix the ensfolr toolbar like you did with the HJT entries,
then reboot and post a HijackThis log,

==========================================

Ensfolr Toolbar manual removal instructions:
Delete Ensfolr Toolbar files. Disable and remove Ensfolr Toolbar DLLs:

dxpvqlmpdn.dll
ensfolr.dll
ampkfst.dll
bklgvsf.dll

Delete Ensfolr Toolbar registry subkeys:
HKCR\CLSID\{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\Interface\{6E9078DA-0C69-47B0-9637-2734104BD217}
HKCR\TypeLib\{5328D226-7057-4B06-9E4A-7829BFA7CA78}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\ensfolr.ToolBar.1\CLSID
{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\ensfolr.bkwo\CLSID
{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\ensfolr.ToolBar.1
HKCR\ensfolr.bkwo

If you do the latter, back up your registry first.

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 11:23:10 PM
The manual for ToolbarCop is here:
http://www.winhelponline.com/tbchelp.htm

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 07, 2008, 11:33:50 PM
Alright, so far I only managed to find ensfolr.dll.
I found a dxpvqlmtqn.dll; is that the same as the dxpvqlmpdn.dll you told me about?

I can't find
ampkfst.dll
bklgvsf.dll

I also can't find any of those reg keys in ToolBarCop :-\
Should I search for them in Regedit?

OK, this is what it gives me:
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 11:43:40 PM
Hi HibikiKano,

First try to delete all that is related to this toolbar as far as ToolbarCop gives it;
kill this dxpvqlmtqn.dll & ensfolr.dll.
INFO says it is malware:
DXPVQLMTQN.DLL has been seen to perform the following behavior(s):

    * Creation and Registration of a Browser Helper Object in Internet Explorer
    * Enables an In Process Object/Server - Common with DLL Injections
    * Registers a Dynamic Link Library (DLL) File

DXPVQLMTQN.DLL has been the subject of the following behavior(s):

    * Created as a process on disk
    * Registered as a Dynamic Link Library (DLL) File
    * Enabled as an In Process Object/Server - Common with DLL Injections
    * Deleted as a process from disk
    * Registered as a Dynamic Link Library File

First delete the unwanted lines in ToolbarCop,
then put DXPVQLMTQN.DLL in OTMoveIt and remove it,

You can take the registry items out, only those I gave, and exactly as given;
copy your registry first, so you can put it back if that should be needed.

See if the toolbar has gone; then your computer is clean again,
あなたのコンピュータはきれい今である。

polonus


Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: oldman on January 07, 2008, 11:54:42 PM

Hi guys, this might make it easier:

Fix these in HJT:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - E:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - E:\WINDOWS\ensfolr.dll

and use OTMoveIt for these:

E:\WINDOWS\dxpvqlmtqn.dll
E:\WINDOWS\ensfolr.dll

Quote
i cant find
ampkfst.dll
bklgvsf.dll

Those were removed earlier ;)
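The HJT lines in this thread all follow one fixed shape, so the triage the helpers did by eye can be written down. This is an added example, not a tool from the thread or from HijackThis itself: it parses the R3/O2/O3/O21 lines posted above, flags the patterns the helpers acted on (orphaned "(no file)" registrations, unnamed objects, DLLs dropped straight into the Windows root, random-looking names) and returns the lines a helper would tick before "Fix checked". The sample log is constructed here; the "Example PDF Helper" line and its CLSID are made up to show a benign entry passing through.

```python
"""Triage the kind of HijackThis (HJT) log lines posted in this thread.

Added example, not part of HijackThis: parse the CLSID-bearing lines and
attach reason codes mirroring what the helpers in the thread looked for.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the lines oldman and polonus listed above, plus one
# ordinary BHO line (hypothetical name and CLSID) so a benign entry is seen
# to pass through untouched.
SAMPLE_LOG = """\
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - E:\\WINDOWS\\dxpvqlmtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example PDF Helper - {00000000-1111-2222-3333-444444444444} - E:\\Program Files\\Example\\helper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - E:\\WINDOWS\\ensfolr.dll
O21 - SSODL: ampkfst - {7E7515E4-E1AC-4B88-94BA-FD8790CF1354} - E:\\WINDOWS\\ampkfst.dll (file missing)
"""

# What the HJT section prefixes used in this thread stand for.
SECTION_MEANING = {
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O21": "ShellServiceObjectDelayLoad (SSODL) entry",
}

# "<section> - <kind>: <name> - {<CLSID>} - <path or status>"
LINE_RE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    raw: str
    section: str
    kind: str
    name: str
    clsid: str
    path: str
    reasons: list[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        return "fix" if self.reasons else "keep"


def parse_hjt(text: str) -> list[Entry]:
    """Parse the CLSID-bearing lines; lines in other HJT formats are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(raw=raw.strip(), **m.groupdict()))
    return entries


def looks_random(stem: str) -> bool:
    """Crude dropper-name heuristic: six or more lowercase letters with fewer
    than one in five being a vowel (dxpvqlmtqn, bklgvsf, ampkfst ...)."""
    if len(stem) < 6 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in "aeiouy" for c in stem) / len(stem) < 0.2


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach reason codes to each entry; an entry with none is left alone."""
    for e in entries:
        path = e.path
        if path == "(no file)" or path.endswith("(file missing)"):
            e.reasons.append("orphan")        # registration outlived its file
            path = path.removesuffix(" (file missing)")
        if e.name == "(no name)":
            e.reasons.append("no-name")       # legitimate add-ons carry a name
        parts = path.split("\\")
        if len(parts) == 3 and parts[1].upper() == "WINDOWS":
            e.reasons.append("windows-root")  # DLL sitting directly in %WINDIR%
        stem = parts[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            e.reasons.append("random-name")
    return entries


def lines_to_fix(text: str) -> list[str]:
    """Return the raw lines a helper would tick in HJT before 'Fix checked'."""
    return [e.raw for e in triage(parse_hjt(text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        meaning = SECTION_MEANING.get(e.section, e.kind)
        print(f"{e.verdict:4} {e.section:<3} {meaning}: {e.name} "
              f"[{', '.join(e.reasons) or 'looks ordinary'}]")
```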
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 07, 2008, 11:58:54 PM
Hi oldman,

We could do that; we'd nearly arrived at that point anyway. Then HibikiKano can see whether his malicious toolbar has left his computer for good,

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 08, 2008, 12:16:29 AM
Alright, I didn't find a single one of the keys you told me about.

I did find the

HKCR\ensfolr.brft
and
HKCR\ensfolr.ToolBar.1
and the only key they have is the same, and it's in their CLSID\{3723900A-B26F-40EC-B606-B7B37132BB3F}
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 08, 2008, 12:20:06 AM
Hi HibikiKano,

Let us try now the solution that oldman proposed:

Fix these in HJT:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - E:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - E:\WINDOWS\ensfolr.dll

and use OTMoveIt for these:

E:\WINDOWS\dxpvqlmtqn.dll
E:\WINDOWS\ensfolr.dll

Then it will be gone into digital oblivion, as part of it already has,
then you can see if the registry things you found are still there,
and take these out as well,

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 08, 2008, 12:35:03 AM
Yay! It seems to work well now and the toolbar is gone too ^^

I added the final HijackThis log too.

ありがとごやいます!!! ^_^ (my Japanese isn't good enough to read what you wrote before though, I'm sorry T.T)
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 08, 2008, 12:49:41 AM
Hi HibikiKano,

Your hijackthis logfile looks clean. The Japanese reads: "Your computer is clean".
Thank you for being with me in this malware cleansing routine,
Join our forum, and I wish you many a malware free day,

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 08, 2008, 01:13:49 AM
Thank you a lot for all your help ^^
Oh, I wanted to ask one more thing: when I go into my taskbar I always find ViewpointService and I don't remember putting it on. Should I try to get rid of it somehow too?
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 08, 2008, 01:21:07 AM
Hi HibikiKano,

Is this another toolbar?
Overview:
ViewPoint Toolbar will hijack your search queries and also transmits non personally identifiable information back to their servers (It's still data therefore spyware as far as I'm concerned.) Here is a quote from the download.com review.

"This free toolbar offers a way to save bookmarks in visual form, as well as a fairly capable pop-up blocker. The Viewpoint Toolbar has an attractive, compact interface that quickly expands when necessary. For example, if you want to view screenshots of bookmarks, you simply click a button to scroll through all images. Though the thumbnails are rather small, they are big enough to give you a general overview of a page's contents. The thumbnails have as annotation text from the search results, so you can quickly understand what a page is about. The pop-up blocker was mostly effective in our tests, except with floating ads, though its performance seemed a bit slow. You can specify whether to allow ads from a certain site and whether to display an icon and play a sound when the toolbar blocks ads. You'll also find a basic search function powered by Yahoo's engine. Since it offers a rather unique way to store bookmarks and doesn't cost a dime, we can see how Viewpoint Toolbar makes a beneficial addition for many Web surfers."

Unlike a lot of the crap we see around here this does offer something that is somewhat useful.

This program does have an uninstaller under add/remove programs. Please use that as your first option.

End Processes (may or may not exist):
mtsaxinstaller.exe
viewmgr.exe

Unregister DLLs:
Tip: this is only a list of known files/locations. You will want to do a search by the name of the file to see if they're on your system.
A while back I wrote a guide to Register/remove DLL or AX files which you will need if you don't know how to unregister these files.

Each file is in several locations so you'll need to search for them and unregister + delete them in every location you find.

axmetastream.dll
swfview.dll
viewbar.dll
viewbarbho.dll

Remove Directories:
%programfilesdir%\viewpoint\
%profiles%\application data\viewpoint\

Or did it come bundled with a Viewpoint Media Player? Search for the following files:
AxMetaStream.dll, ComponentMgr.dll, MetaStreamID.ini, MtsAxInstaller.exe, npViewpoint.dll, npViewpoint.xpt, JpegReader.dll, Mts3Reader.dll, SceneComponent.dll, SreeDMMX.dll, SWFView.dll, WaveletReader.dll

If it is the toolbar, you know how to get rid of it now,

polonus

P.S. I log out shortly from now, to have a good night's sleep, to-morrow we try to clear these remnants of adware from your computer, OK? Goodnight to you as well,

pol
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 08, 2008, 01:28:12 AM
Waa, thank you a lot ^-^!!

I'm sorry I kept you awake this long though.
And thank you again for all your help!
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 08, 2008, 01:32:22 AM
Hi HibikiKano,

Everything is all right, I like to do this, so you did not keep me up too long. People learn a lot doing these things, so to-morrow we go on; look for all the files I mentioned, and report back to me to-morrow,

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 09, 2008, 09:04:47 PM
Waaa :-\ sorry about the long wait, I had a few exams :-[
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 09, 2008, 11:16:48 PM
Hi HibikiKano,

Didn't you have any of the ViewPoint adware files on your computer? Did you search for them?

polonus
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: oldman on January 09, 2008, 11:34:32 PM
Hi polonus and HibikiKano

You can find uninstall instructions and info about Viewpoint here:

http://www.pchell.com/support/viewpoint.shtml
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 10, 2008, 12:02:07 AM
Thank you "oldman", we will take that into consideration whenever HibikiKano checks in with his search results,

pol
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: HibikiKano on January 11, 2008, 01:09:56 AM
Hello Polonus,

I am so sorry but this week is a rather busy one and I am very sorry I don't reply enough :-\
I will try that with the Viewpoint, thank you oldman.

Can I ask about the sqmdata files again? How can I safely remove those? And also, lately when someone is sending me a file on Windows Live Messenger, it tells me that it will do a virus scan. It was Messenger, not NOD or any other antivirus program, but Messenger does a scan... I do remember that it did that the first time when I got that whole thing on my computer. Is that a new thing they put in? Or is it something suspicious?

Oh, one more thing. How can I remove the hiberfil.sys safely? I know where to turn hibernate mode off but I am a little frightened to just delete hiberfil.sys with brute force. :-\

I am so sorry I am making you wait this much even though I asked for your help.

-Hibiki
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: Lisandro on January 11, 2008, 01:14:16 AM
Quote
I am a little frightened to just delete hiberfil.sys with brute force. :-\

Just turn off hibernation and you'll be able to delete that file.
It will be recreated again when you enable hibernation again.
Title: Re: Desperate for help! looks like a safenavweb ...but not quite
Post by: polonus on January 11, 2008, 01:25:37 AM
Hi HibikiKano,

We do not have to rush this, but tell me which of the ViewPoint files or processes you found on your computer.

Run a couple of cleaning programs as well, like for instance ATF cleaner from here:
http://www.atribune.org/ccount/click.php?id=1

Concerning the sqm files:
These files are created by the Customer Experience Improvement Program of Windows MSN Live Messenger.
If you are very sure that you don't want to help Microsoft in making WMLM just a little better, you can disable it.

"To stop these files being created, you will need to turn off the option in MSN. You can do this in the options menu, selecting the help section, and then selecting 'Customer Experience Improvement Program'. Tick the 'I don't want to participate right now' and press OK."

And concerning removing hiberfil.sys, read here:
http://www.jmu.edu/computing/news/archive/issues/hyberfil.shtml
(Hi, Tech, you have beaten me to it by a sec, but I give him the instructions and pictures as well in my link, Damian)

There is also a more permanent solution:
What you need to do is open the file "autoexec.bat" on your C drive with Notepad.

Then add the following two lines to it:
del /q /a sqmdata*.sqm
del /q /a sqmnoopt*.sqm

Save the file, and that's it, you're done. Now whenever you start your computer up, it will remove all of the annoying .sqm files cluttering up your C drive.

polonus