tons of viruses, worms, and trojan horses in c:/restore/temp file
DavidR:
Extract from Eddy's HJT Analyser Tool
CHECKING HIJACKTHIS, WINDOWS, INTERNET EXPLORER AND FIREWALL :
--------------------------------------------------------------------------------
You are using the latest version of Internet Explorer.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
--------------------------------------------------------------------------------
THESE ITEMS ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
--------------------------------------------------------------------------------
r1 - hklm\software\microsoft\internet explorer\main
r1 - hklm\software\microsoft\internet explorer\main
o2 - bho: (no name) - {029ca12c-89c1-46a7-a3c7-82f2f98635cb} - (no file)
o2 - bho: msntoolbandbho - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o3 - toolbar: (no name) - {0494d0d9-f8e0-41ad-92a3-14154ece70ac} - (no file)
o3 - toolbar: msn - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o9 - extra button: (no name) - {cd67f990-d8e9-11d2-98fe-00c0f0318afe} - (no file)
o9 - extra button: dell home - {ee117daa-a30b-40fc-945c-38ae1b80c1fa} - http://www.dellnet.com (file missing) (hkcu)
o16 - dpf: {90c9629e-cd32-11d3-bbfb-00105a1f0d68} (installshield international setup player) - http://www.installengine.com/engine/isetup.cab
o16 - dpf: {a17e30c4-a9ba-11d4-8673-60db54c10000} (yahooymailto class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (zoneintro class) - http://messenger.zone.msn.com/binary/zintro.cab32846.cab
o16 - dpf: {14b87622-7e19-4ea8-93b3-97215f77a6bc} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab31267.cab
--------------------------------------------------------------------------------
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTTIME FOR THE SYSTEM TO WORK PROPERLY :
--------------------------------------------------------------------------------
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hkcu\..\run: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
allison:
I have done all that, rebooted, reran avast and the viruses are still in my c:/_restore/temp folder. What else can I do to get rid of them?
DavidR:
Disabling system restore should have cleared the _restore points; why it didn't, I have no idea. It does in XP, though I have never used winME, so I can't say why it didn't clear the restore points.
With system restore disabled can you go into the _restore folder and clear the temp folder?
Have you searched the windows help file about system restore and how to clean it up or delete restore points? I have no winME experience so I'm unable to offer any advice about it.
allison:
When I try to open the _restore folder it doesn't even show the existence of a temp folder, so I have no idea how to manually clear it this way. I tried doing a search for files or folders named temp and it didn't show up there either. Interestingly enough, I downloaded a program that was one of the links on other suggestions for problems. This program listed all of my start programs and when I did this, it showed a different folder (not restore) which seemed to contain the problem viruses and deleted this folder. Have rebooted since and all the viruses seem gone except one: a SdBot-1550[Trj] still appears in my restore/temp file; however, all the others are no longer showing up in the scan. Just thought I'd mention this for others who might have the same problem I have as another possible course of action. I still don't know how to get rid of this trojan horse but the other 60 or so seem to be gone. Thoughts though on this last one?
lee16:
--- Quote --- doesn't even show the existence of a temp folder so I have no idea how to manually clear this way.
--- End quote ---
Are you showing hidden files and folders?
To unhide them, open any folder and go to Tools > Folder Options > View, then scroll down to where it says 'Hidden files and folders' and check/tick 'Show hidden files and folders'.
Then again try and go into the _restore folder and clear the temp folder.
BTW, when you disabled system restore and rebooted could avast delete the virus/malware instances then?
--lee