msupdte.exe
micky77:
Well, the HJT log looks much better. Wait for Essexboy to comment (especially on the SDfix log; I'm not familiar with this program, and don't know what the entry "C:\\WINDOWS\\system32\\meaukd.exe"="C:\\WINDOWS\\system32\\meaukd.exe:*:Enabled:meaukd" means, although it's no longer in the HJT log). In the meantime, turn off System Restore, reboot, and turn it back on again.

http://support.microsoft.com/kb/310405
essexboy:
Yep, that is a remnant of Vundo, so let's see what remains of it. I believe the file has gone, but to be sure:

Please download OTMoveIt3 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

--- Code: ---
:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\meaukd.exe"=-

:Files
C:\\WINDOWS\system32\meaukd.exe

:Commands
[purity]
[emptytemp]

--- End code ---
- Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
- Close OTMoveIt3.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
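
The firewall entry micky77 asks about follows the Windows XP firewall exception layout `<path>:<scope>:<Enabled|Disabled>:<name>`, so `*:Enabled` means the program was allowed inbound connections from any address. As an added example (not part of the original posts and not OTMoveIt3's own code), this Python code parses such lines from a .reg-style export and flags exceptions that are open to any address or whose file is gone; the `exists` predicate, the `ON_DISK` set and the second and third sample lines are constructed for illustration.

```python
import re

# Value data layout under ...\FirewallPolicy\StandardProfile\AuthorizedApplications\List:
#   <image path>:<scope>:<Enabled|Disabled>:<display name>
LINE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>[^"]*)"$')
DATA_RE = re.compile(
    r'^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):'
    r'(?P<state>enabled|disabled):(?P<label>.*)$', re.IGNORECASE)

def parse_entry(line):
    """Parse one line of a .reg-style export (backslashes doubled) into a dict."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = DATA_RE.match(m.group("data").replace("\\\\", "\\"))
    if not d:
        return None
    entry = d.groupdict()
    entry["enabled"] = entry.pop("state").lower() == "enabled"
    return entry

def triage(lines, exists):
    """Return (path, [flags]) for each exception worth a second look.

    `exists` is a caller-supplied predicate (hypothetical helper) that says
    whether the image is still on disk, so the check also works on an export.
    """
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        flags = []
        if e["enabled"] and e["scope"] == "*":
            flags.append("open to any remote address")
        if not exists(e["path"]):
            flags.append("image missing: orphaned rule")
        if flags:
            findings.append((e["path"], flags))
    return findings

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE = [
    r'"C:\\WINDOWS\\system32\\meaukd.exe"="C:\\WINDOWS\\system32\\meaukd.exe:*:Enabled:meaukd"',
    r'"C:\\Program Files\\Example\\sync.exe"="C:\\Program Files\\Example\\sync.exe:LocalSubNet:Enabled:Example Sync"',
    r'"C:\\Tools\\old.exe"="C:\\Tools\\old.exe:*:Disabled:Old tool"',
]
ON_DISK = {r"C:\Program Files\Example\sync.exe", r"C:\Tools\old.exe"}  # constructed

if __name__ == "__main__":
    for path, flags in triage(SAMPLE, ON_DISK.__contains__):
        print(path, "->", "; ".join(flags))
```
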
cheekiat:
Okay, I will try it now.
cheekiat:

--- Code: ---
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\meaukd.exe deleted successfully.
========== FILES ==========
File/Folder C:\\WINDOWS\system32\meaukd.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\etilqs_k1fSdf2Y7X7Cpcczf7RP scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\~DF27CF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\~DF2ACB.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\~DF996E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\~DF99BA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3e8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
 
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11092008_221422

Files moved on Reboot...
File C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\etilqs_k1fSdf2Y7X7Cpcczf7RP not found!
File C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\~DF27CF.tmp not found!
File C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\~DF2ACB.tmp not found!
File C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\~DF996E.tmp not found!
File C:\DOCUME~1\Cheekiat\LOCALS~1\Temp\~DF99BA.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\ib1.tmp moved successfully.
C:\WINDOWS\temp\ib2.tmp moved successfully.
C:\WINDOWS\temp\ib3.tmp moved successfully.
C:\WINDOWS\temp\ib4.tmp moved successfully.
C:\WINDOWS\temp\ib5.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_3e8.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_5ac.dat moved successfully.
C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Cheekiat\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k2411r8.default\XUL.mfl moved successfully.

--- End code ---
essexboy:
How's it running now?