after first scan with nod32 found adaware but can delete it

Discussion in 'NOD32 version 2 Forum' started by theshadow247, Jul 4, 2005.

Thread Status:
Not open for further replies.
  1. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    I just installed NOD32 2.50.25 and did my first scan, and NOD found 15 threats. This is one of them: F:\System Volume Information\_restore{2C6D66EA-6557-4545-9D02-A8D932CDACC8}\RP1\A0000083.exe »NSIS »UCmoreIEx.exe »ZIP »IUCMORE.DLL - Win32/Adware.UCmore application. When it was found, a box popped up saying that it can be deleted, but didn't give me the option to delete it. And the others are in E:\System Volume Information\_restore{F7A87AB4-A606-4A96-A82F-92D3CEDAAB1D}\RP23\A0092116.exe »NSIS »UCmoreIEx.EXE »ZIP »IUCMORE.DLL - Win32/Adware.UCmore application. Can anyone please tell me how I can delete these files? The E drive and F drive are my storage drives...... o_O
     
  2. Dakhor

    Dakhor Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    75
    Turn off system restore - run a full scan - ( pref in safe mode ) - turn system restore back on... ( make sure you have turned on the advanced settings as in Blackspear's sticky note )

    ( I never turn it on but I do my own system backups )

    /DaK/
     
  3. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Hi Dakhor. System restore is turned off; I never use it, I do my own backups. And I already have all the advanced settings checked off. o_O o_O
     
  4. Dakhor

    Dakhor Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    75

    Doesn't look like it's turned off ... ( but I'm no expert )

    ( start menu - control panel - system - system restore )

    /DaK/
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I agree, it still looks like it's on!! Better double check!!

    Cheers,
     
  6. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Ya, that's the first thing I checked, and all three (C, E, F) are off. Is there a way to access the E or F volume information so I can manually delete the files.....
     
  7. Dakhor

    Dakhor Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    75
    Try rebooting - other than that this problem is above me ...

    Someone else might have a better idea.

    /DaK/
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    You can do a Search and try to Delete from there!
     
  9. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Hi Dagolag. I already tried to search for both E and F system volume info, but it comes back that it's not a valid file. I have the box ticked to turn off system restore for all drives. So I turned system restore back on and rebooted, then turned it off, and now I am scanning again. I'll report back the results...
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Great, we will wait!! ;)
     
  11. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Last edited: Jul 4, 2005
  12. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    OK. They're still there. I see that with the 1.1142 update they are detected, but why can't they be deleted through NOD32? And how can I manually delete them?? There must be a way to manually delete them; I just haven't found it..
     
    Last edited: Jul 4, 2005
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please Right Click on "My Computer" and then click on Properties, and make sure System Restore has a tick in it, as per the following screenshot.

    Then reboot your Computer and run a further scan with Nod32.

    Let us know how you go...

    Cheers :D
     

    Last edited: Jul 24, 2006
  14. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Hi Blackspear. I have the box checked to turn off system restore on all drives. System restore is off. I never have it on. I rebooted and rescanned but they're still there...
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    And you are sure you have followed each and every page here (there are 4 pages in total)?

    Have you tried running a scan in Safe Mode?

    Cheers :D
     
    Last edited: Jul 4, 2005
  16. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    First off, let me just thank everyone that helped out. All of my settings are the same as the 4 pages show. I just did a scan in safe mode and the scan showed 15 threats found and 10 cleaned, but I have scanned two more times and I have 0 threats. o_O I also have a box that pops up every time a new page is loading, NOD downloads gifs and images. Is there a way to hide this or disable it?
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please download and run HijackThis and post your log here.

    Cheers :D
     
  18. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Here it is.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:43:42 AM, on 7/5/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Documents and Settings\Administrator\My Documents\MY RECEIVED FILES\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my3web.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
    O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094946298453
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF5006A1-246F-4DB8-BD07-DCDE0819B811}: NameServer = 66.38.192.233 66.38.192.231
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
     
  19. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I just have to ask, what happened to Wilders not analyzing HJT logs?

    Secondly, I found this link on removing UCmore, hope it helps.
     
  20. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Thanks for the link, WSFuser. I must have got them; I can't find any of them.....
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Staff members can request HijackThis Logs.

    Cheers :D
     
  22. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Hi Blackspear. How does it look? o_O Thanks for all your help.... :D
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Give me a moment, there are 2 entries that I am not sure about.

    I'll get back to you shortly.

    Cheers :D
     
  24. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi theshadow247,

    Welcome to Wilders.

    Your log is clean. There are a few empty pointers that we can delete. Also it seems you have two download managers installed, Internet Download Manager and HiDownload. I would highly recommend removing one via your add/remove control panel applet.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Also, if you decide to remove Internet Download Manager, be sure the following three entries are removed as well:

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    And/or if you decide to remove HiDownload, be sure the following entry is removed:

    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll

    Regards,
    Kent
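
The triage in the reply above (entries that point at nothing, and entries that belong to one installed product) can be scripted. This is an added example, not part of the original thread and not HijackThis's own code; the function names are hypothetical and the sample is a constructed subset of the log posted in this thread.

```python
import re

# Constructed sample: a subset of the entry lines from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my3web.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*?)\s*$")

def parse_entries(log_text):
    """Return (section, body) per entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def is_empty_pointer(section, body):
    """True when the entry references nothing: blank value, missing hook, or '(no file)'."""
    if section in ("R0", "R1"):
        # Body is "key,value = data"; empty when nothing follows the '='.
        return "=" in body and body.split("=", 1)[1].strip() == ""
    if section == "R3":
        return body.endswith("is missing")
    return body.endswith("(no file)")

def empty_pointers(log_text):
    """Entries that are safe-to-review leftovers rather than live hooks."""
    return [(s, b) for s, b in parse_entries(log_text) if is_empty_pointer(s, b)]

def entries_under(log_text, directory):
    """Entries whose path lies under one product's folder (case-insensitive)."""
    needle = directory.lower()
    return [(s, b) for s, b in parse_entries(log_text) if needle in b.lower()]

if __name__ == "__main__":
    for section, body in empty_pointers(SAMPLE_LOG):
        print("empty pointer:", section, "-", body)
```

An entry such as the HiDownload BHO, which lives in `C:\WINDOWS\system32`, is not found by a product-folder match and still has to be identified by its file name.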
     
  25. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Kent.

    Cheers :D
     