How To Get Rid of This

Discussion in 'malware problems & news' started by Hazeleyze, Sep 7, 2005.

Thread Status:
Not open for further replies.
  1. Hazeleyze

    Hazeleyze Guest

    I found porno movies on my computer which my husband will not admit to. He-He. Anyway, he got a surprise with it and when I started the computer up the next time, I noticed my System Logs were corrupted and I had to clear them. I ran a scan with my AV and it came up with a read-only file that listed lots of nasty sites which I deleted and thought I was done.

    Now, I keep getting entries in the Application logs like:

    Source: ITSS Event ID 1
    The description for Event ID (1) in Source (ITSS) cannot be found. The local computer may not have the necessary registry info or message dll files to display messages from a remote computer. You may be able to use the /AUXSOURCE=flag to retrieve this description. //c:foo.mht!http:dll.ad-aware.cc/CvhA-DG.ARwmQWdSMq86.chm

    I unchecked hide hidden folders, and operating system files, etc. Ran Nod32, HijackThis, Trojan Hunter, Ad-Aware, Spybot, A-squared, and all the online scans I could find. I even ran a couple in safe mode. Nothing shows up in any of them. I've noticed other people have had this c\:foo thing in their HijackThis log but mine doesn't show it.

    I just want to know if this thing is still active somewhere. How do I find it, if it is?

    Not much info on what it is. One suggestion was that this was a Microsoft Internet Explorer ITS Protocol Zone Bypass vulnerability. I'm fully patched and updated or at least it's supposed to be.

    I hope someone can help me find what's left and how to get rid of it.

    Thanks
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. Hazeleyze

    Hazeleyze Guest

    Thanks. Will do.
     
  4. snowbound

    snowbound Retired Moderator

    If u can keep us posted as to the results. ;) :D


    snowbound
     