Author Topic: Baidubar-B Problem  (Read 4612 times)


RPhinKY

  • Guest
Baidubar-B Problem
« on: August 17, 2009, 05:44:20 PM »
Avast scan states I have a Baidubar-B trojan and recommends that I move it to the chest; however, when I try to move it I get a "not enough space on disk" error message.  Any recommendations on how to proceed in isolating or removing this pest?  The file name is
C:\Program Files\Alwil Software\avast4\memory.dmp

Thanks for any help


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: Baidubar-B Problem
« Reply #2 on: August 17, 2009, 10:10:17 PM »
Hi

There is also a possibility to use this tool to remove it from your machine on boot:
http://www.snapfiles.com/reviews/MoveOnBoot/moveonboot.html (free)
Install it, right click on the malware file, choose to delete it next boot, reboot, it is gone.
Also remove each of the files in those folders the same way, after they are gone the folders can be deleted, then you should be able to clean the entries in the registry once the files are gone (you may need to take ownership of the keys).
   1. Detected Files:
   2. Detected Files with variable Filenames:
      MD5: CE40153B4A732FDEB214B00D4C1B123F Size: 474682
      d:\Program Files\Funshion Online\Funshion\XPSP2Patch\funshion010.exe
      e:\½l\XPSP2Patch\funshion010.exe
      %PROGRAMFILES%\Funshion Online\Funshion\XPSP2Patch\funshion010.exe
      %SystemDiskRoot%\System Volume Information\_restore{D4259519-9A98-4CB3-A9A9-7C40618633AA}\RP30\A0014092.exe

Detecting items list:

   1. Files by MD5
      MD5: CE40153B4A732FDEB214B00D4C1B123F Size: 474682

FileName                                    McAfee Supported
%WINDIR%\dcbdcatys32_090608a.dll            Spy-Agent.br.dll
%WINDIR%\system\sgcxcxxaspf090608.exe       Downloader-AZN
%WINDIR%\system32\inf\scsys16_090608.dll    Downloader-AZN

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files were analyzed:

# %USERPROFILE%\local settings\temp\0248.exe

The following files have been added to the system:

# %WINDIR%\dcbdcatys32_090608a.dll
# %WINDIR%\system\sgcxcxxaspf090608.exe
# %WINDIR%\system32\inf\
# %WINDIR%\system32\inf\scsys16_090608.dll
# %WINDIR%\system32\inf\sppdcrs090608.scr
# %WINDIR%\system32\inf\svchoct.exe
# %WINDIR%\tawisys.ini
# %WINDIR%\wftadfi16_090608a.dll

The following registry elements have been created:

# HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\policies\explorer\run\

    * maineyucst = c:\windows\system32\inf\svchoct.exe c:\windows\wftadfi16_090608a.dll d16tan

The following registry elements have been changed:

# HKEY_CURRENT_USER\Software\Microsoft\internet explorer\main\

    * check_associations = no

# HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\internet settings\

    * enableautodial = 0

Symptoms

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

Removal considerations:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
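
A read-only way to check a machine for the files and the Run entry listed in the post above, as an added example that is not part of the original posts. It assumes Windows PowerShell 4.0 or later (for Get-FileHash); the helper name Get-ListedArtifact is hypothetical.

```powershell
# Added example: read-only check, nothing is deleted or modified.
# File names, the registry value name and the MD5 are copied from the listing above.
$listed = @(
    "$env:WINDIR\dcbdcatys32_090608a.dll"
    "$env:WINDIR\system\sgcxcxxaspf090608.exe"
    "$env:WINDIR\system32\inf\scsys16_090608.dll"
    "$env:WINDIR\system32\inf\sppdcrs090608.scr"
    "$env:WINDIR\system32\inf\svchoct.exe"
    "$env:WINDIR\tawisys.ini"
    "$env:WINDIR\wftadfi16_090608a.dll"
    "$env:ProgramFiles\Funshion Online\Funshion\XPSP2Patch\funshion010.exe"
)
$listedMd5 = 'CE40153B4A732FDEB214B00D4C1B123F'   # MD5 given for funshion010.exe

function Get-ListedArtifact {                      # hypothetical helper name
    param([string[]]$Path)
    foreach ($p in $Path) {
        # -Force so files marked hidden or system are still found
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item) {
            $md5 = (Get-FileHash -LiteralPath $p -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{
                Path             = $p
                Size             = $item.Length
                MD5              = $md5
                MatchesListedMd5 = ($md5 -eq $listedMd5)
            }
        }
    }
}

# Run entry the listing says is created under the Explorer policies key
$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
$runValue = (Get-ItemProperty -LiteralPath $runKey -Name 'maineyucst' -ErrorAction SilentlyContinue).maineyucst

$found = @(Get-ListedArtifact -Path $listed)
if ($found.Count) { $found | Format-Table -AutoSize } else { 'None of the listed files are present.' }
if ($runValue)    { "Run value 'maineyucst' present: $runValue" } else { "Run value 'maineyucst' not present." }
```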

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Baidubar-B Problem
« Reply #3 on: August 17, 2009, 11:17:20 PM »
Hi polonus, the program is removed

Quote
http://www.snapfiles.com/reviews/MoveOnBoot/moveonboot.html (free)

NOT AVAILABLE
The program MoveOnBoot is currently not available from our site.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: Baidubar-B Problem
« Reply #4 on: August 18, 2009, 11:12:24 PM »
Hi pondus,

Download link: http://www.softpedia.com/js/mootols.js

polonus

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89685
  • No support PMs thanks
Re: Baidubar-B Problem
« Reply #5 on: August 18, 2009, 11:23:34 PM »
Or -  MoveOnBoot http://www.download.com/EMCO-MoveOnBoot/3000-2094_4-10397293.html.

I prefer - Unlocker http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security