Possible Virus?

Discussion in 'malware problems & news' started by larouse, Oct 12, 2004.

Thread Status:
Not open for further replies.
  1. larouse

    larouse Registered Member

    Hi,

    Yesterday I was checking some files and opened one that, after opening, generated:

    CriticalUpdate
    Registry.pif ( MS-DOS )

    These files are in C:

    Every time I turn on the laptop it shows:

    Wrong OS message

    I deleted CriticalUpdate and Registry, but when I turned the system off and on, it reloaded them again.

    SpySweeper detected 4 processes trying to alter the Registry:

    usbwin32.exe
    MSUpdate
    RegistryMonitor
    Microsoft Security Hot Fix Update

    I removed them, but again after turning on... same story.

    I ran Kaspersky, NOD, BitDefender, Norton and McAfee, and same story.
     
  2. Blackspear

    Blackspear Global Moderator

    Hi there, can you please follow the steps located here, just use your Anti-virus instead of Nod32.

    From what I have read about this trojan the steps in this thread should remove it...

    Let us know how you go...

    Cheers :D
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Hi,
    Usbwin32.exe is Troj/Adclick-X.

    Adware/spyware software which overwrites the HOSTS file in order to deny access to selected sites.

    Troj/Adclick-X is typically installed/bundled alongside the installation for other third party software (typically shareware or freeware downloaded from the internet).

    MSUpdate is a BHO from "Coolwebsearch" [ nasty spyware ]
    There are dedicated removal tools for CWS products available free on the net.
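
Added example, not part of the original thread or any poster's words: a small audit of a HOSTS file for the tampering described in the post above, where names are mapped to loopback or 0.0.0.0 to deny access. The function name `audit_hosts` and the sample hostnames are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file legitimately maps to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

def audit_hosts(text):
    """Return (line_no, verdict, ip, hostname) for each suspicious mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # strip comment, split fields
        if len(entry) < 2:
            continue                           # blank or comment-only line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, "malformed", entry[0], " ".join(entry[1:])))
            continue
        for name in entry[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES:
                continue
            # Loopback or 0.0.0.0 makes the site unreachable;
            # any other address silently redirects it.
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, "blocked" if blocked else "redirected",
                             str(ip), name))
    return findings

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       av-vendor.example      # constructed entry
0.0.0.0         updates.av-vendor.example www.av-vendor.example
203.0.113.7     search.example
"""

if __name__ == "__main__":
    for line_no, verdict, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} {verdict} via {ip}")
```

Entries added on purpose by an ad-blocking hosts list are reported as "blocked" too, so review the findings against what you installed yourself.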
     
  4. larouse

    larouse Registered Member

    Thank you, and sorry, but where can I get this tool?

    I have SpySweeper and Giant Spyware; would they work? Or how can I do it?

    Thanks again
     
  5. Meltdown

    Meltdown Registered Member

  6. Blackspear

    Blackspear Global Moderator

    It is in one of the steps from the link I posted above...

    Cheers :D
     
  7. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Hi,
    Because Usbwin32.exe/Troj/Adclick-X is installed with an EULA [end user license agreement], anti-spyware scanners may not remove it for legal reasons. It is primarily spyware with a low risk; the EULA is also why most AVs won't detect this problem.

    It would be a good idea to disable System Restore while removing it, as it may back itself up there. Be sure to turn it back on after you finish removal.


    Disabling the System Restore Utility

    1. Right click the My Computer icon on the Desktop and click on Properties.
    2. Click on the System Restore tab.
    3. Put a check mark next to 'Turn off System Restore on All Drives'.



    More info on your pest can be found here : http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100528
     
  8. larouse

    larouse Registered Member

    Hi,

    I did everything step by step without any luck; it runs the same... Now I intended to post my HijackThis log, but the link is not available... Where can I post it to have my system reviewed?

    Thank you,
     
  9. Blackspear

    Blackspear Global Moderator

    Hi Larouse, at the end of the steps where you were asked to download HJT, there is a link to Websites that you can post a HJT log file...

    Cheers :D
     
  10. larouse

    larouse Registered Member

    Hi,

    Thank you, but the problem is that the link that you posted:

    http://a-sap.org/

    is not available... Do you know another?

    Thank you,
     
  11. Blackspear

    Blackspear Global Moderator

    In the same thread:

    Cheers :D
     
  12. larouse

    larouse Registered Member

    How can I do it if I can't restart in "Safe Mode"?

    After pressing F8, the system shows: Invalid Key 44

    Thank you,
     
  13. ronjor

    ronjor Global Moderator

    Another way to start in safe mode.

    Symantec
     
  14. Blackspear

    Blackspear Global Moderator

    There are updated instructions here:

    https://www.wilderssecurity.com/showthread.php?t=50662

    You will see further information on safe mode as well...

    Let us know how you go...

    Cheers :D
     