Partner37 struggle

Go to Control Panel >> Add-or-Remove Programs

If any of these are listed, then Un-install it

Ask toolbar

ChatZum Toolbar

Ilivid Player

Search Safer

IF Firefox or Chrome browser is having the issue with "partner37" then un-install it

and instead get a browser from Comodo

either IceDragon http://www.comodo.com/home/browsers-toolbars/icedragon-browser.php

or

Comodo Dragon http://www.comodo.com/home/browsers-toolbars/browser.php

Having done that, that may reduce the issue to perhaps only Internet Explorer.

We Need to Run a Batch Script

  1. Press the Windows-key on keyboard & select RUN {Start >>Run}.
  2. In the Run box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
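    @echo off
    rem Notepad saves ANSI text; switch cmd to code page 1252 so the "ä" in the path is read correctly
    chcp 1252 >nul
    rd /s /q "C:\Program\ChatZum Toolbar"
    rd /s /q "C:\Documents and Settings\Anders\Lokala inställningar\Application Data\Ilivid Player"
    del /f /q "%~f0"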


  4. Select File -> Save AS.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the File name box, type in Fix.bat.
  7. Press Save.
  8. Close Notepad.
  9. Double-click on Fix.bat to run it. It will run in a command-prompt window & finish very quickly.

Now close all open browsers (if any).

Go to Start > Run

Type

iexplore.exe -extoff

and press Enter

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

  • Press the "ESET Online Scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.

Link to post
Share on other sites

Ok everything done. Uninstalled chrome and firefox and replaced it with IceDragon.

Scan detected 25 infected files. Here's the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c64f872ee0d05146b1887190d51147ba

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-09-11 07:28:57

# local_time=2012-09-11 09:28:57 (+0100, Västeuropa, sommartid)

# country="Sweden"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5378 16777214 0 3 37602007 37602007 0 0

# compatibility_mode=5891 16776869 42 92 678 15119856 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=171018

# found=25

# cleaned=0

# scan_time=6428

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Downloads\cnet2_SolveigMM_HyperCam_3_4_1206_04_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Downloads\freecorder setup.exe a variant of Win32/Soft32Downloader.B application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Downloads\maxspywaredetectorm.exe a variant of Win32/MaxPCsecure application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Downloads\SoftonicDownloader_for_intel-indeo.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Downloads\SoftonicDownloader_for_vcam.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Downloads\SopCast-3.5.0.exe Win32/Bundled.Toolbar.Ask application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders\Mina dokument\Hämtade filer\SoftonicDownloader_for_hamachi.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Anders-2\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\background.html Win32/Adware.Yontoo.C application (unable to clean) 00000000000000000000000000000000 I

C:\Program\redbet\pokerclient\Ny mapp\Downloads\cnet2_SetupMyVideoDownloader_v3_0_1_0_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I

C:\Program\redbet\pokerclient\Ny mapp\Downloads\cnet_DTLite4413-0173_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I

C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_daemon_tools.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I

C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_daemon_tools_4_40_2__Swedish.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_vlc_media_player_1_1_4_Swedish.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_winrar_4_01_64_bits_Swedish.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Program\redbet\pokerclient\Ny mapp\Downloads\SoftonicDownloader_for_unlocker.exe Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP389\A0046295.exe a variant of Win32/Toolbar.SearchSuite.A application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP389\A0046296.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP389\A0046343.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP390\A0046502.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP390\A0046503.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP430\A0063087.exe a variant of Win32/MaxPCsecure application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP445\A0067532.exe Win32/Graboid application (unable to clean) 00000000000000000000000000000000 I

Link to post
Share on other sites

The ESET scan found 18 items that need to be deleted.

Seems to me, perhaps, you were in the habit of not scanning programs you downloaded off the internet.

Reminder that not all free things on the 'net are free of malware. Always double check the reputation of the site or maker of the "stuff".

Always scan the files with your antivirus and your anti-malware before installing or using any downloaded tool, freebie, or whatever.

Run a Script

  1. Press the Windows-key on keyboard + R key. {or Start >> RUN }
  2. In the RUN box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @echo off
    rem Notepad saves ANSI text; switch cmd to code page 1252 so "ä" in the paths is read correctly
    chcp 1252 >nul
    del /f /q "C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\cnet2_SolveigMM_HyperCam_3_4_1206_04_exe.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\freecorder setup.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\iLividSetupV1 (1).exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\iLividSetupV1.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\maxspywaredetectorm.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\SoftonicDownloader_for_intel-indeo.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\SoftonicDownloader_for_vcam.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Downloads\SopCast-3.5.0.exe"
    del /f /q "C:\Documents and Settings\Anders\Mina dokument\Hämtade filer\SoftonicDownloader_for_hamachi.exe"
    del /f /q "C:\Documents and Settings\Anders-2\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\background.html"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\cnet2_SetupMyVideoDownloader_v3_0_1_0_exe.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\cnet_DTLite4413-0173_exe.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_daemon_tools.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_daemon_tools_4_40_2__Swedish.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_vlc_media_player_1_1_4_Swedish.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_winrar_4_01_64_bits_Swedish.exe"
    del /f /q "C:\Program\redbet\pokerclient\Ny mapp\Downloads\SoftonicDownloader_for_unlocker.exe"
    del /f /q "%~f0"


  4. Select File -> Save AS.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the File name box, type in Fix.bat.
  7. Press Save.
  8. Close Notepad.
  9. Double-click FIX.BAT to start it in a command-prompt-window
  10. It will run very quickly and then remove itself at the end.

Step 2

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.co...ls/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

[screenshot of the Stinger window]

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 3

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft...&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.micro...om/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Step 4

Download, & save & then run the MS Safety scanner

http://www.microsoft...us/default.aspx

Let me know the result.

Step 5

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    [icon image]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    [image of the Move incurable option]
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Now, tell me, how is the system now?

Edited by Maurice Naggar
Link to post
Share on other sites
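Added example, not part of the original thread and not the helper's own tooling: a small Python script that turns ESET Online Scanner detection lines like those posted above into a cleanup batch file. It quotes every path, doubles `%` for batch parsing, leaves out the System Volume Information entries as the Fix.bat above does, and encodes the result for cmd running under code page 1252. The function names and the last sample line are assumptions made for the illustration; the other sample lines are copied from the log in this thread.

```python
import re
from typing import NamedTuple


class Detection(NamedTuple):
    path: str
    name: str
    action: str


# Layout of a detection line as it appears in the posted log:
#   <path> <detection name> (<action>) <32 hex digits> <flag>
# Paths may contain spaces and parentheses, so the detection name is located by
# its "Platform/Family" token (a Windows path never contains "/") or by the
# literal "multiple threats".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?\S+/\S+(?: \w+)?|multiple threats)\s+"
    r"\((?P<action>[^)]*)\)\s+[0-9A-Fa-f]{32}\s+\S+\s*$"
)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\", re.IGNORECASE)


def parse_eset_log(text):
    """Return one Detection per detection line; '# key=value' headers are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["action"]))
    return found


def is_restore_point(path):
    """True for files inside the System Restore store, which are not deleted by hand."""
    return bool(RESTORE_RE.match(path))


def build_cleanup_batch(detections):
    """Build batch text with one quoted 'del' line per detected file."""
    lines = ["@echo off", "chcp 1252 >nul"]
    seen = set()
    for d in detections:
        key = d.path.lower()
        if is_restore_point(d.path) or key in seen:
            continue
        seen.add(key)
        # Inside a batch file a literal percent sign has to be written as %%.
        lines.append('del /f /q "{}"'.format(d.path.replace("%", "%%")))
    return "\r\n".join(lines) + "\r\n"


def encode_for_cmd(script, codepage="cp1252"):
    """Encode the script in the code page selected by its chcp line."""
    return script.encode(codepage)


# Lines copied from the ESET log posted in this thread.
THREAD_LINES = r"""
# found=25
# cleaned=0
C:\Documents and Settings\Anders\Mina dokument\Downloads\freecorder setup.exe a variant of Win32/Soft32Downloader.B application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Anders\Mina dokument\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Anders\Mina dokument\Hämtade filer\SoftonicDownloader_for_hamachi.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Program\redbet\pokerclient\Ny mapp\Downloads\installer_daemon_tools_4_40_2__Swedish.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP389\A0046343.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
"""
# Constructed line (not from the thread) to exercise the percent-sign escaping.
CONSTRUCTED_LINE = r"C:\Temp\100% free setup.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I"
SAMPLE_LOG = THREAD_LINES + CONSTRUCTED_LINE + "\n"

if __name__ == "__main__":
    detections = parse_eset_log(SAMPLE_LOG)
    for d in detections:
        status = "skip (restore point)" if is_restore_point(d.path) else "delete"
        print(f"{status:22} {d.name:50} {d.path}")
    print(build_cleanup_batch(detections))
```

To use the output, write the bytes returned by `encode_for_cmd` to the .bat file in binary mode so the encoding matches the `chcp 1252` line.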

Stinger.txt:

McAfee® Labs Stinger Version 10.2.0.782 built on Sep 11 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Sep 11 2012.

Ready to scan for 4955 viruses, trojans and variants.

Scan initiated on Tue Sep 11 22:56:45 2012

Rootkit scan result : Clean

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................1

Possibly Infected: ............0

C:\Program\Celeris\Virtual Pool 3 DL\vp3.exe

Found the Artemis!1F5E61C3BF37 trojan !!!

C:\Program\Celeris\Virtual Pool 3 DL\vp3.exe is infected with the Artemis!1F5E61C3BF37 virus !!!

Number of clean files: 33686

Number of infected files: 1

Number of files renamed: 1

MSRT-log: (No infections. Posting just in case you want to look at it anyway)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.20, June 2011

Started On Mon Jul 04 13:33:26 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 04 13:34:00 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.20, June 2011

Started On Mon Jul 04 13:34:05 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 04 13:34:31 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.21, July 2011

Started On Tue Jul 26 18:34:21 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 26 18:35:34 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.22, August 2011

Started On Fri Aug 19 23:46:58 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 19 23:47:59 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.0, September 2011

Started On Thu Sep 15 02:07:11 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 15 02:08:19 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.0, September 2011

Started On Thu Sep 29 01:14:24 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 29 01:15:35 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.1, October 2011

Started On Fri Oct 14 01:47:13 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 14 01:48:38 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.2, November 2011

Started On Thu Nov 10 00:47:13 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 10 00:48:46 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.3, December 2011

Started On Fri Dec 16 02:13:30 2011

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 16 02:15:06 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.4, January 2012

Started On Thu Jan 12 00:14:18 2012

->Scan ERROR: resource process://pid:1224 (code 0x00000490 (1168))

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 12 00:16:02 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.5, February 2012

Started On Thu Feb 16 12:18:03 2012

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 16 12:19:51 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.6, March 2012

Started On Wed Mar 14 10:34:01 2012

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 14 10:36:06 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.7, April 2012

Started On Thu Apr 12 00:45:51 2012

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 12 00:48:00 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.8, May 2012

Started On Fri May 11 02:16:36 2012

->Scan ERROR: resource process://pid:1644 (code 0x00000490 (1168))

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri May 11 02:19:02 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.9, June 2012

Started On Thu Jun 14 03:01:04 2012

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 14 03:03:58 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.10, July 2012

Started On Thu Jul 12 01:57:02 2012

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 12 01:59:52 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.11, August 2012

Started On Thu Aug 16 02:02:06 2012

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 02:04:58 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012

Started On Tue Sep 11 23:09:28 2012

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 11 23:12:59 2012

Return code: 0 (0x0)

MS Safety Scanner didn't find any threats. I made both step 3 and step 4 with quick scans. Was this the right choice? It was also possible to do full scans.

DrWeb:

File | Folder | Detection and result
rlls.dll | C:\Avenger | Trojan.Damaged.1 Deleted.
rlvknlg.exe | C:\Avenger | Trojan.Damaged.1 Deleted.
copyright.txt | C:\Documents and Settings\Anders\Lokala inställningar\Application Data\RavenBleuSA\bin\1.0.11.0 | Adware.Zango.15 Incurable.Moved.
analyze[1] | C:\Documents and Settings\Anders\Lokala inställningar\Temporary Internet Files\Content.IE5\LNASMKQT | Adware.Predictad.1 Incurable.Moved.
analyze[2] | C:\Documents and Settings\Anders\Lokala inställningar\Temporary Internet Files\Content.IE5\LNASMKQT | Adware.Predictad.1 Incurable.Moved.
analyze[1] | C:\Documents and Settings\Anders\Lokala inställningar\Temporary Internet Files\Content.IE5\YGJ6PQXB | Adware.Predictad.1 Incurable.Moved.
analyze[2] | C:\Documents and Settings\Anders\Lokala inställningar\Temporary Internet Files\Content.IE5\YGJ6PQXB | Adware.Predictad.1 Incurable.Moved.
script.js | C:\Documents and Settings\Anders-2\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\jpihmmhdcob | Program.FileSearch.1 Incurable.Moved.
XTRANET.X32 | C:\Program\Levande Böcker\Svea Rike II\XTRAS | Probably DLOADER.Trojan Incurable.Moved.
adlsoft_uncompressor_3_3_last.exe | C:\Program\redbet\pokerclient\Ny mapp\Downloads | Program.ADLSoft.1 - read error Invalid path to file
cnet2_SetupMyVideoDownloader_v3_0_1_0_exe.exe | C:\Program\redbet\pokerclient\Ny mapp\Downloads | Adware.Downware.130 - read error Invalid path to file
cnet_DTLite4413-0173_exe.exe | C:\Program\redbet\pokerclient\Ny mapp\Downloads | Adware.InstallCore.2 Incurable.Moved.
installer_daemon_tools.exe | C:\Program\redbet\pokerclient\Ny mapp\Downloads | Adware.Downware.23 - read error Invalid path to file
installer_daemon_tools_4_40_2__Swedish.exe | C:\Program\redbet\pokerclient\Ny mapp\Downloads | Adware.Downware.23 - read error Invalid path to file
installer_vlc_media_player_1_1_4_Swedish.exe | C:\Program\redbet\pokerclient\Ny mapp\Downloads | Adware.Downware.23 - read error Invalid path to file
installer_winrar_4_01_64_bits_Swedish.exe | C:\Program\redbet\pokerclient\Ny mapp\Downloads | Adware.Downware.23 - read error Invalid path to file
SoftonicDownloader_for_unlocker.exe | C:\Program\redbet\pokerclient\Ny mapp\Downloads | Adware.Downware.82 - read error Invalid path to file
install.rdf.vir | C:\Qoobox\Quarantine\C\Program\Complitly\support@Complitly.com | Adware.Searcher.1222 Incurable.Moved.
ExTEnsion32.dll.vir | C:\Qoobox\Quarantine\C\Program\Web Assistant | Program.SysTreak.1 Incurable.Moved.
A0046262.dll | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP388 | Adware.Bandoo.5 Incurable.Moved.
A0046325.dll | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP389 | Adware.Bandoo.5 Incurable.Moved.
A0063662.dll | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063663.dll | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063664.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063665.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063666.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063667.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063668.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063669.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063670.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063672.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063674.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063675.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0063676.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP436 | Trojan.Damaged.1 Deleted.
A0067590.dll | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP446 | Program.SysTreak.1 Incurable.Moved.
A0074594.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP457 | Program.SysTreak.1 Incurable.Moved.
A0075292.dll | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Trojan.Damaged.1 Deleted.
A0075293.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Trojan.Damaged.1 Deleted.
A0075294.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Program.ADLSoft.1 - read error Invalid path to file
A0075295.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Adware.Downware.130 - read error Invalid path to file
A0075296.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Adware.Downware.23 - read error Invalid path to file
A0075297.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Adware.Downware.23 - read error Invalid path to file
A0075298.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Adware.Downware.23 - read error Invalid path to file
A0075299.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Adware.Downware.23 - read error Invalid path to file
A0075300.exe | C:\System Volume Information\_restore{A27E3AA8-3559-4BED-BE2F-2CEF98306404}\RP458 | Adware.Downware.82 - read error Invalid path to file

So far, partner37 hasn't occurred with the new IceDragon browser. But I need some more time to really tell if it's gone or not.

Link to post
Share on other sites

Yes, you picked the right scan choices.

Do you notice that you had a lot of adwares, and that a number were from stuff you downloaded ? !

You must exercise much better judgement on what you download.

Only download from reputable sites, those recommended by reputable sources.

Always first scan any download with your antivirus and anti-malware (MBAM) before using or installing any download.

Always make sure your antivirus is up-to-date.

Always make sure MBAM is up to date.

Scan your system, at least once a week with MBAM and antivirus.

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Get and use Web of Trust WOT add-on for your browser(s)

http://www.mywot.com/en/download

http://www.mywot.com/en/faq/add-on

Note the links I have are for English language. Adjust selection for your location !!

Link to post
Share on other sites

Yes thanks, I've been pretty careless of what to download and to run real scans. So when I've downloaded a software, I should right-click and scan with MBAM and MSE before install?

Is it always necessary to delete the programs after detecting virus/malware in it? Just as an example now I saw my downloaded game virtual pool 3 had some trojans after the ESET scan (or whatever it was) detected it. Am I supposed to delete it now or is it safe once the malware is removed? Maybe you will guide me in upcoming replies what I'm supposed to delete though?

I ran the MS Safety scanner, again, with quick-scan, and again nothing was found.

WOT add-on is now installed.

Link to post
Share on other sites

So when I've downloaded a software, I should right-click and scan with MBAM and MSE before install?

YES

Yes, I would suggest you uninstall Virtual pool, as well as any other program that was tagged by the scan.

You can disregard anything listed in C:\System Volume Information (because that is not active, and is the system restore area; so leave that alone.)

Link to post
Share on other sites

Now we can clean after the tools we used, and close this case.

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it, (you had named it Combo-Fix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste into the RUN box
    C:\Documents and Settings\Anders\Skrivbord\Combo-Fix.exe /uninstall
    and then click OK.

IF in the case Combofix un-install has an issue, skip that step.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download DeFogger and save it to your desktop.

  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Enable button to re-enable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Delete the following if still present:

SecurityCheck.exe

fix.bat

Fixpolicies

RKILL

the MS Safety scanner

Stinger.exe

DrWeb Cure-It

You may go to Control Panel >> Add-or-Remove Programs locate ESET Online scanner and un-install it.

Safer practices & malware prevention

We are finished here. Best regards.

Link to post
Share on other sites

Thank you very much. I still have a lot left on my desktop so just going to ask a few questions then you can close this thread.

Can I remove:

iExplore.exe

TFC.exe

Drweb

Microsoft Windows Malicious Software Removal Tool

Microsoft Support Emergency Response Tool

Defogger.exe

?

Also, would I be safe with google chrome and mozilla firefox if I reinstalled it now? Not saying I will cause I kind of like this IceDragon, but would it be safe, and would you recommend me to do it or not?

Link to post
Share on other sites

NO, not internet explorer. Unless the iExplore.exe is the version you got for the RKILL download.

The real Internet Explorer needs to stay as is, otherwise you would cause problems for Windows.

TFC is a temporary files cleaner. You can keep or delete as you choose.

DrWeb should be deleted.

You can delete the downloads for these 3

Microsoft Windows Malicious Software Removal Tool

Microsoft Support Emergency Response Tool

Defogger.exe

The more I have used IceDragon the more I personally prefer it over the others.

If you do decide to get either of the Chrome or Firefox, it should be ok.

The single most important thing is to be extremely careful in what add-ons you get, and to practice safer surfing.

Cheers.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
