after first scan with nod32 found adaware but can delete it

i just installed nod32 2.50.25.and did my first scan and nod found 15 threats.this is one of them F:\System Volume Information\_restore{2C6D66EA-6557-4545-9D02-A8D932CDACC8}\RP1\A0000083.exe »NSIS »UCmoreIEx.exe »ZIP »IUCMORE.DLL - Win32/Adware.UCmore application.when it was found a box poped up saying that it can be deleted but didn;t give me th option to delete it.and the others are in E:\System Volume Information\_restore{F7A87AB4-A606-4A96-A82F-92D3CEDAAB1D}\RP23\A0092116.exe »NSIS »UCmoreIEx.EXE »ZIP »IUCMORE.DLL - Win32/Adware.UCmore application.can enyone please tell me how i can delete these files.e.drive and f.drive are me storage drives......

 

Turn off system restore - run a full scan - ( pref in safe mode ) - turn back system restore... ( make sure u have turned on the advanced settings as in Blackspears sticky note )

( I never turn it on but i do my own system backups )

/DaK/

 

hi.Dakhor.system restore is turned off i never us it i do my own backups.and i already have all the advanced settings checked off.

 

Dosnt look like its turned off ... ( but im no expert )

( start menu - controll panel - system - system restore )

/DaK/

 

I agree still looks like it's still on!! Better Double Check!!

Cheers,

 

ya thats the first thing i checked and all three c.e.f. are off.is ther a way to access e.or f volume information so i can manualy delete the files.....

 

Try rebooting - other then that this problem is above me ...

Someone else might have a better idea .

/DaK/

 

You can do a Search and try to Delete from there!

 

hi.dagolag.i already tryed to search for both e and f system volume info but it comes back its not a valid file.i have the box ticked to turn off system restore for all drive.so i turned system restore back on and rebooted then turned it off and now iam scanning again.ill report back the results...

 

Great we will wait!!

 

I googled it for you Have a look!!

http://www.google.ca/search?q=+Win32/Adware.UCmore+&hl=en&lr=&filter=0


Look at the bottom of this page http://www.spywareremove.com/removeucmoreiexexe.html

 

ok.there still there i see that with the 1.1142.update they are detected but why can't they be deleted through nod32?.and how can i manualy delete them.??there must be a way to manualy delete them i just havn't found it..

 

Can you please Right Click on "My Computer" and then click on Properties, and make sure System Restore has a tick in it, as per the following screenshot.

Then reboot your Computer and run a further scan with Nod32.

Let us know how you go...

Cheers

 

hi.Blackspear.i have the box checked turn off system retore on all drives.system restore is off.i never have it on.i rebooted and rescanned but there still there...

 

And you are sure you have followed each and every page here, (there are 4 pages in total).

Have you tried running a scan in Safe Mode?

Cheers

 

first off let me just thank every one that helped out.all of my setting are the same as the 4 pages show.i just did a scan in safe mode and the scan shaowed 15 threats found and 10 cleaned but i have scanned two more times and i have 0 threats. .i also have a box that pops up ever time a new page is loading nod downloads gifs and images is there a way to hide this or disable it.

 

Can you please download and run HijackThis and post your log here.

Cheers

 

here it is.Logfile of HijackThis v1.99.1
Scan saved at 12:43:42 AM, on 7/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Administrator\My Documents\MY RECEIVED FILES\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my3web.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094946298453
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF5006A1-246F-4DB8-BD07-DCDE0819B811}: NameServer = 66.38.192.233 66.38.192.231
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

 

i just have to ask, what happened to Wilders not analyzing HJT logs?

secondly i found this link on removing ucmore, hope it helps.

 

thanks for the link.WSFuser.i must of got them i can't find eny of them.....

 

Staff members can request HijackThis Logs.

Cheers

 

hi.Blackspear.how does it look thanks for all your help....

 

Give me a moment, there are 2 entries that I am not sure about.

I'll get back to you shortly.

Cheers

 

Hi theshadow247,

Welcome to Wilders.

Your log is clean. There are a few empty pointers that we can delete. Also it seems you have two download managers installed, Internet Download Manager and HiDownload. I would highly recommend removing one via your add/remove control panel applet.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Also, if you decide to remove Internet Download Manager, be sure the following three entries are removed as well:

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

And/or if you decided to remove HiDownload, be sure the following entry is removed:

O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll

Regards,
Kent

 

Thanks Kent.

Cheers