founded suspicious file in my friend PC by avast!

[Hya]

hi,

avast! show warn to my friend, suspicious file in C:\

avast! can't move to folder, move to chest and delete!

File Name: C:\m1eqos3.exe
Type: Rootkit: hidden process

--

this file is known in WinPatrol > Hidden Tabs also working in new windows (after format older windows and install new win)

avast! showinggggggggg this alert!!!! yet...

[Hya]

new windows installed (today); Lost went in last minutes !!!

[CharleyO]

***

An analysis of your HJT log shows the following problems :

We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall.

Platform: Windows XP SP2 (WinNT 5.01.2600)
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack. SP3 has been available for more than a year. I suggest that when the computer is clean again that it be upgraded to SP3.

F2 - REG:system.ini: Shell=
This is a common place for trojans, hijackers, and spyware to launch from. It should be noted that the Userinit and the Shell F2 entries will not show in HijackThis unless there is a non-whitelisted value listed.

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Elijah\LOCALS~1\Temp\herss.exe
This is a sign of W32.SillyFDC.BCT media worm.
http://www.bleepingcomputer.com/startups/cdoosoft-25051.html


I can not give the running processes at this time as that site is down.


***

[YoKenny]

Also you should enable Automatic Updates or at least be notified that Updates are available.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don't automatically download or install them.

Download and install:
User Profile Hive Cleanup Service:
Brief Description
A service to help with slow log off and unreconciled profile problems.
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Update to IE8 as IE6 is quite vulnerable to attack:
http://www.microsoft.com/windows/internet-explorer/default.aspx

Download Malwarebytes' Anti-Malware (MBAM) then install it then update it and run a Quick scan:
http://www.malwarebytes.org/mbam.php

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

[Hya]

please see this screenshot (for today)

[micky77]

m1eqos3.exe, also uses the name HERSS.EXE, http://www.prevx.com/filenames/1582978840253270691-X1/M1EQOS3.EXE.html
So fix the 04 entry suggested by Charlie, reboot
Also run autorun eater, it runs in real time,it will find and delete bad autorun.inf files. Also plug in any removable flash drives. This is probably where you got infected

http://download.cnet.com/Autorun-Eater/3000-2239_4-10752777.html
Finally, do a boot time scan and run MBAM http://filehippo.com/download_malwarebytes_anti_malware/

[YoKenny]

@micky77
Hya willl continue to be infected until they update Windows to SP3 and the browser update. 

I dislike Autorun-Eater as its noises really iritate me and I much prefer Flash_Disinfector as it is nice and quiet.

[Tarq57]

Just for info, I've just installed Autorun Eater. Nice clean install. Full list of files added and registry changes made indicated in the help file. Quite impressed by this attention to detail.

The sounds can be turned off.

I have used flash-disinfector, too, it's great. But this tool, if it works (and the user reviews plus micky77's recommendation indicates that it will) is a wee beauty.

[Hya]

CharleyO, YoKenny, micky77 & Tarq57; Very Thx 

Suspicius File Removed by Autorun Eater. this is very good; easy and very fast!

Very Thx.

[CharleyO]

***

You are welcome, Hya ... glad to have helped you.   


***