Avast WEBforum
Other => Viruses and worms => Topic started by: xfilesfangirl on May 05, 2007, 05:29:19 AM
-
Hello everyone! I'm new to the forums and I just love Avast! Anyway, I have a problem. For the past few days I keep getting a notification that my computer is infected with the Win32Trogan-gen virus. I keep moving it to the chest but it still pops up so I delete it and yet again, it returns. I've also disabled System Restore and ran Spybot and Adware. I have a firewall too. Anyway, why can't I get rid of this thing and why does it keep popping up? Any help would be appreciated!
-
Welcome to the forum xfilesfangirl.
Try running an avast! boot scan followed by a complete scan with the free version of AVG Antispyware
http://free.grisoft.com/doc/20/lng/us/tpl/v5
Make sure to quarantine rather delete, and post again with the results.
-
Thank you for replying! I'm going to do that right now as we speak! Is this something I should be freaking out about? I do alot of online shopping and stuff and I have this image in my head of this little virus logging all of my credit card info and stuff. I'm paranoid. *lol*
-
Okay, both the bootscan and the spyware scan came up with 0 infected files. Does this mean that I'm safe now? How do I know this virus isn't somewhere hiding and lurking in the background? :(
-
Well, don't freak out about it but you're right to be concerned about the possibilities.
How do I know this virus isn't somewhere hiding and lurking in the background? :(
Why don't you post a HijackThis log and I'll take a look:
Click here (http://www.thespykiller.co.uk/files/HJTsetup.exe) to download HJTsetup.exe
- Save HJTsetup.exe to your desktop.
- Doubleclick on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
The log may be long - feel free to use 2 or more posts if you need to.
-
Hello everyone! I'm new to the forums and I just love Avast! Anyway, I have a problem. For the past few days I keep getting a notification that my computer is infected with the Win32Trogan-gen virus. I keep moving it to the chest but it still pops up so I delete it and yet again, it returns.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
Hopefully the AVG anti-spyware suggested by mauserme will detect the file that is regenerating this malware.
What is your firewall ?
As if as I suspect there may be a program downloading this malware, then a firewall should be able to block unauthorised outbound Internet Connections (XPs firewall doesn't provide outbound protection).
-
Hello everyone! I'm new to the forums and I just love Avast! Anyway, I have a problem. For the past few days I keep getting a notification that my computer is infected with the Win32Trogan-gen virus. I keep moving it to the chest but it still pops up so I delete it and yet again, it returns.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
Hopefully the AVG anti-spyware suggested by mauserme will detect the file that is regenerating this malware.
What is your firewall ?
As if as I suspect there may be a program downloading this malware, then a firewall should be able to block unauthorised outbound Internet Connections (XPs firewall doesn't provide outbound protection).
The log viewer says that it has been found in C:\System Volume Information\restore or _restore.
AVG doesn't seem to detect anything although I'm going to scan it again when I get offline. My firewall is called Jetico.
-
Well, don't freak out about it but you're right to be concerned about the possibilities.
How do I know this virus isn't somewhere hiding and lurking in the background? :(
Why don't you post a HijackThis log and I'll take a look:
Click here (http://www.thespykiller.co.uk/files/HJTsetup.exe) to download HJTsetup.exe
- Save HJTsetup.exe to your desktop.
- Doubleclick on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
The log may be long - feel free to use 2 or more posts if you need to.
Okay, thank you! Here you go (I hope I did this right):
Logfile of HijackThis v1.99.1
Scan saved at 12:03:08 PM, on 5/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\wmconnectc\wwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%3Fui%3Dhtml%26zy%3Dl<mpl=yj_wsad<mplcache=2&hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80f36fd4-ba9e-43c0-98b9-caecfdc4c28e} - C:\WINDOWS\system32\ckc079.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51B59571-1340-4939-AB62-69745E50A6F7}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ckc079 - ckc079.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
-
Hi xfilesfangirl,
Run HijackThis! again, put a tick next to these entries then click 'fix':
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80f36fd4-ba9e-43c0-98b9-caecfdc4c28e} - C:\WINDOWS\system32\ckc079.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: ckc079 - ckc079.dll (file missing)
I believe they are all related to malware which has been deleted, so it should be easy to remove them- please check with HijackThis! that they have gone.
To remove malware in System Restore, create a clean restore point, then delete all older, infected points:
http://www.bleepingcomputer.com/tutorials/tutorial56.html#manual (http://www.bleepingcomputer.com/tutorials/tutorial56.html#manual)
http://www.bleepingcomputer.com/tutorials/tutorial56.html#delete (http://www.bleepingcomputer.com/tutorials/tutorial56.html#delete)
You really need to update to XP SP2 to be secure, but at the very least, use an alternative browser like Firefox or Opera- much more secure than IE on SP1!
-
Do you still have McAfee installed? You will need to get rid of either it or avast! as you don't want 2 antivirus programs at the same time.
You should also update Acrobat Reader to 8. Here's a link
http://www.adobe.com/products/acrobat/readstep2.html
And for sure get SP2 as FwFrank mentioned.
Are you still getting any trojan warnings (after deleting the old restore points)?
EDIT: This one was Windows Live Messenger
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
and this was Site Adviser
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
So these were probably the culprits
O2 - BHO: (no name) - {80f36fd4-ba9e-43c0-98b9-caecfdc4c28e} - C:\WINDOWS\system32\ckc079.dll (file missing)
O20 - Winlogon Notify: ckc079 - ckc079.dll (file missing)
-
Hi xfilesfangirl,
Run HijackThis! again, put a tick next to these entries then click 'fix':
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80f36fd4-ba9e-43c0-98b9-caecfdc4c28e} - C:\WINDOWS\system32\ckc079.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: ckc079 - ckc079.dll (file missing)
I believe they are all related to malware which has been deleted, so it should be easy to remove them- please check with HijackThis! that they have gone.
To remove malware in System Restore, create a clean restore point, then delete all older, infected points:
http://www.bleepingcomputer.com/tutorials/tutorial56.html#manual (http://www.bleepingcomputer.com/tutorials/tutorial56.html#manual)
http://www.bleepingcomputer.com/tutorials/tutorial56.html#delete (http://www.bleepingcomputer.com/tutorials/tutorial56.html#delete)
You really need to update to XP SP2 to be secure, but at the very least, use an alternative browser like Firefox or Opera- much more secure than IE on SP1!
Thanks! You rock! I deleted those files and ran another scan of Avast and it said I am clean. I hope this did the trick!
-
Do you still have McAfee installed? You will need to get rid of either it or avast! as you don't want 2 antivirus programs at the same time.
You should also update Acrobat Reader to 8. Here's a link
http://www.adobe.com/products/acrobat/readstep2.html
And for sure get SP2 as FwFrank mentioned.
Are you still getting any trojan warnings (after deleting the old restore points)?
EDIT: This one was Windows Live Messenger
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
and this was Site Adviser
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
So these were probably the culprits
O2 - BHO: (no name) - {80f36fd4-ba9e-43c0-98b9-caecfdc4c28e} - C:\WINDOWS\system32\ckc079.dll (file missing)
O20 - Winlogon Notify: ckc079 - ckc079.dll (file missing)
Oh don't worry I don't have McAfee. I tried to install it but it slowed down my laptop too much (maybe because I'm still on dial-up). I only have Avast now. I'll update Adobe as you advise. I'm sorry for sounding stupid but what is SP2? Yeah, I'm a computer idiot. I deleted the files Frank suggested and scanned my computer and so far so good. Let's hope the virus is gone from my life. I do wonder how I got it since I only visit about four websites regularly and they are 'reputable' sites ya know.
-
I haven't deleted any old system restore points yet and I was thinking I might leave system restore turned off. Is this a bad idea?
-
Okay, I just read that turning off System Restore deletes all old restore points. I think I'll just leave it turned off if that's not a bad idea.
-
Service Pack 2 (SP2) is the most current version of Windows XP. It is much more secure that Service Pack1. Here's a link
http://www.microsoft.com/windowsxp/sp2/default.mspx
System Restore is sort of a personal choice. Since yours is off you don't need to worry about clearing any old restore points. My preference has changed to leave it turned on now since I've had a couple times I wished for it after installing drivers that conflicted. And it would be wise to set a restore point before installing SP2, I think.
Since McAfee is not installed you can fix these lines in HijackThis too
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
-
Service Pack 2 (SP2) is the most current version of Windows XP. It is much more secure that Service Pack1. Here's a link
http://www.microsoft.com/windowsxp/sp2/default.mspx
System Restore is sort of a personal choice. Since yours is off you don't need to worry about clearing any old restore points. My preference has changed to leave it turned on now since I've had a couple times I wished for it after installing drivers that conflicted. And it would be wise to set a restore point before installing SP2, I think.
Since McAfee is not installed you can fix these lines in HijackThis too
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
Thank you! I will fix those too. I'll also download the updated XP package. I noticed this on my Hijack this scan:
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Is this a bad file too?
-
No, its OK:
http://www.liutilities.com/products/wintaskspro/processlibrary/wltrysvc/
Description:
wltrysvc.exe is a process belonging to the Broadcom Corporation Wireless Network Tray Applet, which interacts with your broadband hardware. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.
After you install SP2 check for Windows critical updates. There will probably be many to download and you may have to check several times to get them all. Keep checking until there are none left.
-
No, its OK:
http://www.liutilities.com/products/wintaskspro/processlibrary/wltrysvc/
Description:
wltrysvc.exe is a process belonging to the Broadcom Corporation Wireless Network Tray Applet, which interacts with your broadband hardware. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.
After you install SP2 check for Windows critical updates. There will probably be many to download and you may have to check several times to get them all. Keep checking until there are none left.
Thank you again! You rock! I'm sure I'll be downloading stuff all night now. *lol*
-
The trojan alerts have stopped, right? SP2 won't install on an infected computer.
-
Okay, I just read that turning off System Restore deletes all old restore points. I think I'll just leave it turned off if that's not a bad idea.
Unless you have something to replace the system restore function, an effective back-up and restore strategy, then NO you shouldn't leave system restore disabled.
I have SR disabled, but I do a weekly image of my hard drive using an imaging program that makes an exact copy of your partition/drive and saves a copy to a second hard drive (or partition, a bad idea IMHO) or to a DVD. I also make daily or more frequent back-up of my data files or things that I don't want to lose, emails, address book, favourites/bookmarks, registration keys/information, etc.
So if the worst comes to the worst I restore the last weekly image and last daily back-up any loss is minimal.
-
The trojan alerts have stopped, right? SP2 won't install on an infected computer.
Yeah, so far everything looks fine. I've scanned my laptop a few times this weekend and Avast finds no infected files. Yay!
Those McAfee files won't seem to go away though. Weird. My computer is weird; likes its owner.
-
Okay, I just read that turning off System Restore deletes all old restore points. I think I'll just leave it turned off if that's not a bad idea.
Unless you have something to replace the system restore function, an effective back-up and restore strategy, then NO you shouldn't leave system restore disabled.
I have SR disabled, but I do a weekly image of my hard drive using an imaging program that makes an exact copy of your partition/drive and saves a copy to a second hard drive (or partition, a bad idea IMHO) or to a DVD. I also make daily or more frequent back-up of my data files or things that I don't want to lose, emails, address book, favourites/bookmarks, registration keys/information, etc.
So if the worst comes to the worst I restore the last weekly image and last daily back-up any loss is minimal.
Okay, I turned System Restore back on per your advice. Thanks!
-
Those McAfee files won't seem to go away though.
Your could try this:
Open HijackThis again and click Open the Misc Tools Section. Then click Delete and NT Service. In the empty field type (or copy and paste) each of these lines individually, clicking OK after each of them
McAfee E-mail Proxy
McAfee Redirector Service
McAfee Real-time Scanner
McAfee SystemGuards
-
Those McAfee files won't seem to go away though. Weird. My computer is weird; likes its owner.
McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe (http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe)
-
Those McAfee files won't seem to go away though.
Your could try this:
Open HijackThis again and click Open the Misc Tools Section. Then click Delete and NT Service. In the empty field type (or copy and paste) each of these lines individually, clicking OK after each of them
McAfee E-mail Proxy
McAfee Redirector Service
McAfee Real-time Scanner
McAfee SystemGuards
Hmm, that didn't work for some reason. :(
Also, maybe you might know but whenever I try to create a restore point with System Restore it stops responding. I've restarted and restarted my computer but it still stops responding after a few seconds.
-
Those McAfee files won't seem to go away though. Weird. My computer is weird; likes its owner.
McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe (http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe)
Aw, it says it can't install some of the files after I download it. :(
-
What files is it saying it can't install and just as importantly why ?
We thrive on information without it we can't even guess.
What McAfee application did you have ?
-
Try this - click Start>Run
In the empty filed type services.msc and click OK.
Locate each of the four McAfee services and on each right click and then click Properties. Set the Start Up type to Disabled. Reboot and post a new HJT log.
-
I got same problem, but under different folder, how to delete it?
Malware name: Win32:Trojan-gen. {Other}
file name: C:\WINDOWS\Installer\591bf.msi\Binary.NewBinary23\%MAINDIR%\assist\xpstyle.dll
-
Try AdAware SE (free version)
http://www.lavasoftusa.com/download_and_buy/product_comparison_chart.php
Then start a new thread if further help is needed.
-
Hi lychee,
It could be this:
http://www.emsisoft.com/en/malware/?Adware.Win32.3721+Chinese+Keywords (http://www.emsisoft.com/en/malware/?Adware.Win32.3721+Chinese+Keywords)
Try the free version of a-Squared, but first look in Start>Control Panel>Add/Remove Programs for
3721 Technology Co
Chinese Keywords
CNSMin
or similar and uninstall from there if found.
Also run scans with AVG Anti-Spyware and Spybot Search & Destroy:
http://free.grisoft.com/doc/20/lng/us/tpl/v5 (http://free.grisoft.com/doc/20/lng/us/tpl/v5)
http://www.safer-networking.org/ (http://www.safer-networking.org/)
-
Ad-Aware SE Personal Edition (Free) (http://www.download.com/Ad-Aware-SE-Personal-Edition/3003-8022_4-10399602.html)