Virus. Is this file important ?

[SonyaM32]

My ewido just found an infected file, that says it's uncleanable, and is asking me if I want to delete the whole archive. Here is the name of the file. I will wait till I get an answer before I delete it. Thanx Sonya
C:\WINDOWS\system32\mac80ex.idf

[bigc73542]

there is some info here


you can go to the file (C:\WINDOWS\system32\mac80ex.idf) in your c drive and open the file and see if either of these files are in there. Don't delete this file (C:\WINDOWS\system32\mac80ex.idf )

The compressed file adv.exe within C:\WINDOWS\system32\mac80ex.idf is a Adware threat.

The compressed file bargains.exe within C:\WINDOWS\system32\mac80ex.idf is a Adware threat

[SonyaM32]

Ok ill try my best to understand here, so bear with me. If I go to see if either of the 2 files are there, do I delete them ? I still have the pop up asking me if I want to delete the whole archive. Can I just delete it.? As long as it does not hurt my pc in any way ?

[bigc73542]

don't delete the whole file, open the file and see if either or both of the other files are in there. If they are there delete them but not the C:\WINDOWS\system32\mac80ex.idf file

bigc

[SonyaM32]

Thank you for your help ! Merry xmas !

[bigc73542]

Merry christmas to you also and good luck. If you would, let me know if you get them out of the file.

bigc

[SonyaM32]

I could not open the file, it was a " open with ", type file. So now it is in quarentine. So I can get it out if needed, I hope. Unless you know how I can open it. Thanx

[bigc73542]

you can open it with notepad

[SonyaM32]

If either of those files are in the notepad, do I delete them ferom there ?I'm sorry, I just don't know alot about all this

[bigc73542]

highlite them if they are there and then delete, just be careful if you delete something you want to keep from notepad it is gone. After deleting close everything, reboot, and rescan with ewido.

[SonyaM32]

OK, I am trying to get them to restore from quarentine . I am highlighting the files and then clicking restore, and they will not. This is my first time using the ewido, so I don't hardly know anything about it .

[bigc73542]

well since you have the file already in quarantine, just leave it there and use your computer normally and see if everything seems to work alright without the file that is in quarantine. if it does work ok and everything works as it should for a week or so then you can probably delete the quarantined file. But I would give it at least a week to make sure nothing shows up

bigc

P.S.
I don't use ewido so I can't be much help with it.

[SonyaM32]

OK, THANX so much for your help !

Something that I found in the file that helped me find everything in it, is at the end of every path are the letters UT. just did a find on them and found every path in the file, eventually. Got rid of the one's I needed to and no more problems. for now.

did you delete it in notepad? I see the file in notepad, however it is mixed with a bunch of other nonsense so I'm a little worried about deleting anything.

[SonyaM32]

Hi bajinaido, what I ended up doing is deleting the whole thing. I just let the ewido clean the file. I have been ok since. Thanx

[Proverbs 9:10]

Followed the link by bigc73542 to search for specific items. When I searched for exdl.exe for example the notepad found two hits. I went to the hit spots and deleted only the "exdl.exe" (was not in quotes). Should I have deleted the part immediately before it which included ...system32/ reference?

After completing this task, I saved it. Now, I am currently getting a message from "messenger service". "Message from SYSTEM to USER on 1/20/05." There is a bunch of warning information with a suggestion to get help at www.ErrorFixer.com. Is this a legitimate warning from my computer, perhaps based on what I deleted in notepad? Or, is this an attempt by others to get at my computer?

Can you please help? I really don't know if I need to follow this link or if I should run fast and furious. Thank you.

[bigc73542]

That is one thing I don't do is delete from notepad. I delete from the file or from the registry. sometimes it is a little confusing the way that note pad presents things. besides I can back up the registry before I delete anything from there.

bigc

[ronjor]

Quote:

www.ErrorFixer.com

I looked at this link and found the click here link points to this.

http://www.spywarecleanerdownload2.c...can.(modified)

I looked over the license agreement and it recommends you purchase the product if you want to clean any spyware.

http://www.errorfixer.com/ef/licenseagreement.asp

Finally, I looked at Eric Howes page for suspect or rogue applications. It is listed.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

[Proverbs 9:10]

Now that I realize it was wise to steer clear, is there anyway to delete this pop up message from ? "messenger service"? If I need to do this in another forum, please let me know. Thank you.

[ronjor]

If you are invaded by adware, and you may be, you could try any of the procedures below.

The link to ASAP has locations where you can post a hijack log for analysis.

http://www.claymania.com/removal-trojan-adware.html

http://www.wilderssecurity.com/showthread.php?t=50662

http://a-sap.org/

Please,make sure there is nothing in my computer.like a virus

[Blackspear]

Quote:

Originally Posted by laughwithme27

Please,make sure there is nothing in my computer.like a virus

Is this a question or a reply?