secthought.e virus - Needing HELP

Discussion in 'adware, spyware & hijack cleaning' started by Scion7, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    Yesterday I got hit by this SecThought.E virus...no one was here at home to help me...so I ran the AVG...it said it put it in some folder but couldn't remove it. I honestly don't know at all what I am doing...I ran another scan from TrendMicro...no viruses came up..ran 3 more scans from AVG...no viruses came up...but on the "test results" it says it is still infected. My spouse says it must be gone and not to worry about it because similar things have happened to him twice before on this computer...*not that it makes me feel any better**...but I am still concerned. I noticed you said it was made to download files w/o consent...so hopefully it isn't as bad as someone hacking all my personal info...I will take note of what you all said to do and run it by my spouse...thanks.
     
  2. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    Needing HELP

    I found the SecThought.E virus on my computer using AVG...then found your forum with information on how to fix adware and post my LOG here. I hope I followed everything right.

    I downloaded the Ad-aware version.
    This was the result of that scan...
    Performing SYSTEM scan:
    0 processes identified
    1 registry key identified
    0 registry values identified
    91 files identified
    2 folders identified
    If I did it right….then 94 items were quarantined and removed… WOW
    ---------------------------------------
    I then downloaded the HijackThis program and here is a copy of the Log I believe I saved it right:
    Logfile of HijackThis v1.97.7
    Scan saved at 12:51:30 PM, on 6/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Handspring\HotSync.exe
    C:\WINDOWS\webshots.scr
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Microsoft Works\MSWorks.exe
    C:\Documents and Settings\Sam\My Documents\HijackThis-safe-.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HotSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb012
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O16 - DPF: ChatSpace Full Java Client 4.0.0.300 - http://about.chatspace.com/Java/cfs40300.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

    ----------------
    Thanks a million if you can help me with this...
    ~Scion7
     
    Last edited: Jun 20, 2004
  3. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    Re: SecThought.E

    I see a lot of people posting logs and getting help. Is there something I did wrong that so far no one has helped me? Should I have put SecThought.E in my title?
    *I'm just frustrated because I don't have anyone else to help me and I need to know my computer is safe.
     
    Last edited: Jun 20, 2004
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Re: Needing HELP

    Hi there Scion, the experts are really occupied, you'll have your turn, your log is made fine so the guys will come to you asap to tell you what's wrong.
    I'm not one of the experts so I can't help you with this part!
    You did your scans with Ad-aware and SpybotS&D to start with, so that's the good part already.
    It would be very handy for all if the title of a thread is descriptive, like Sec.Thought.C infection, so other visitors looking for help find the information much easier, as Help me please! describes your situation, but so is it for hundreds of people :)
    a global moderator can change it for you if you like.
    But first waiting for an expert to help you cleansing! Hold on, they'll be with you asap!
     
  5. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    Thanks Jooske

    Yeah. I guess where it said to ::Step 3: Start a new topic here in this section and post your log.
    I thought maybe it was set up different and I am new here so I had no idea how this all works. Sorry for the typos and impatience....trying to figure all this out with kids underfoot and other things going on here.

    Maybe it would be easier to have someone change the "title" to SecThought.E
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Re: Needing HELP

    In general it's handy to post a link from the one to the other thread
    https://www.wilderssecurity.com/showthread.php?t=30203
    so people can follow the discussion much easier.
    It might help if you can tell in which location exactly the SecThought.E thing is found? Temp files, system restore, recycle bin, etc wherever with the full pathname please.
    It is adware and I thought Adaware and SpybotS&D would have dealt with it, normally.
     
  7. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    Re: SecThought.E

    Well originally in my AVG it found it..and put it somewhere. *safe file or something* Then I had noticed it was in my "temp internet files" I think that is where most people found it....I had already dumped my temp internet files...and searched my computer for it and deleted it. Every scan I do it does not come up...the ad-ware scan I did had almost 100 items come up. When I check my AVG at the "test results" it says "still infected". I don't really know what more to do...that was when I found this site and posted a message where I saw instructions for someone else on what to do about posting a log here and scanning for adware.
    I don't know much at all about computers, viruses etc...and am just floating through all the "instructions" here to see if there is a way to remove it.
     
  8. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    SecThought.E

    HIJACK LOG: Need Help
    https://www.wilderssecurity.com/showthread.php?t=37230

    I started a different thread this morning...but I titled it poorly...as in Need Help instead of the virus name. If you are someone particularly interested in helping with this virus...please check my Hijack LOG. I don't mean to sound impatient...but I've been on here all day...I didn't realize you all were so busy...I'll keep checking back when I can.

    Started from this:
    https://www.wilderssecurity.com/showthread.php?p=200691#post200691
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hi Scion7,

    Could you explain a little more about what you are seeing and where you are looking in AVG's screens? It sounds like all that is happening is that you are looking in the "Test Results" screen (see image below) and thinking that means you are still infected. But, all that screen shows are summaries of previous scans. It's basically just a historical log, nothing more. It doesn't mean you are still infected, simply that along the way one of the past scans found a virus.

    If a new scan does not turn up a new copy of the virus, then that first scan did indeed find it and send it to the virus vault, a place to dump caught virus files.

    If you are seeing a new infection, then tell us where - exactly what location and file names it is finding the infection in.

    Note: I've split off and merged together most of your posts into a single thread here, so we don't have to link to three different threads for the same topic. Let's keep the replies here.
     

  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Re: Needing HELP

    Hi Scion7,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb012

    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

    Then reboot into safe mode and delete:
    C:\Program Files\MyWebSearch <= entire folder

    Then do a full system scan and give us the full file and pathname of anything that AVG detects.

    Regards,

    Pieter
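
    The pattern behind the fix list above, as an added example that is not part of the original thread or of HijackThis itself: in the posted log the same MyWebSearch executable is registered under four separate autostart locations, and one BHO points at a file that no longer exists. The sketch below parses HijackThis-style lines and reports both conditions; the function names and the file-name matching heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")          # section code, then the entry body
TARGET = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|scr)(?!\w)', re.I)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_log(text):
    """Split a HijackThis log into records of section code, body and target file name."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, the running-process list, blanks
        code, body = m.groups()
        hit = TARGET.search(body)
        # Compare on the lower-cased file name only: the log mixes 8.3 short
        # paths (PROGRA~1\MYWEBS~1) with long ones for the same file.
        target = hit.group(0).rsplit("\\", 1)[-1].lower() if hit else None
        entries.append({"code": code, "body": body, "target": target})
    return entries


def repeated_autostarts(entries, min_locations=2):
    """Map each O4 target to its autostart locations when it has several."""
    seen = defaultdict(set)
    for e in entries:
        if e["code"] == "O4" and e["target"]:
            location = e["body"].split(":", 1)[0]  # e.g. HKLM\..\Run, Startup
            seen[e["target"]].add(location)
    return {t: sorted(locs) for t, locs in seen.items() if len(locs) >= min_locations}


def orphaned_bhos(entries):
    """CLSIDs of O2 (Browser Helper Object) entries whose DLL is missing."""
    return [CLSID.search(e["body"]).group(0)
            for e in entries
            if e["code"] == "O2" and e["body"].endswith("(no file)")]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for target, locations in repeated_autostarts(entries).items():
        print(f"{target}: started from {len(locations)} places: {locations}")
    for clsid in orphaned_bhos(entries):
        print(f"BHO registered with no file on disk: {clsid}")
```

    Matching on file name alone can merge unrelated programs that share a name, so treat the output as a list of entries to review by hand, not as a verdict.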
     
  11. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    Sorry for the mess I made on the boards...

    I guess that I never saw anything in the AVG virus vault...I thought I saw something come up that it was detected (SecThought.E), gave me the option to do nothing or put it in some folder, but couldn't be removed. I do know that during the time I was trying to fix the problem my 1 yr old shut the power off to the computer.

    Maybe I was just paranoid because I know nothing of viruses.

    All the files you listed to remove...those aren't important at all?
    I don't want my spouse getting more mad at me for messing with stuff as it is, lol.

    (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
    If I remove that will I lose my WeatherBug...I use it a lot ...for local weather.
    Scion
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    You can leave that one alone if you use it. It will be replaced as soon as you need it, which is probably why millions of others that don't need it also have it. :D

    If your wife gets mad about any of the others, I'll be here for you to back you up. ;)
    But she will probably be grateful because the machine should be lots faster.

    Regards,

    Pieter
     
  13. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    LOL, thanks...(wife ;) ) I'm the wife. :D

    On the AVG test results if I double click where it says "Virus Detected"
    a new page comes up where the name of the virus is and to the right says "Still Infected". I was going to try to attach it like you did but I couldn't figure it all out.
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Excuse my misunderstanding. English is not my number one language.

    Does it give you a full path and filename on that page?
    Like for example C:\_RESTORE\TEMP\abc01234.exe

    Regards,

    Pieter
     
  15. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    I checked the boxes on the "Hijack log" removed them, started up in safe mode based on the instructions here how to do so...deleted the folder called C:\Program Files\MyWebSearch
    Restarted back in normal mode...running AVG now for a full scan.
    Full scan results came up with no viruses.

    C:\Documents and Settings\SAM\Local Settings\Temporary Internet Files\CONTENT.IE5\5JJR9POA\INSTAL~1.EXE
    That was the file name for the virus, and it was in a temp internet folder. I had deleted that one yesterday so I just wasn't sure if the test results would say "safe" instead of "still infected". I am not entirely familiar with the AVG program. If I search my computer for that file there is no result with that name.

    We have the Windows 2000 XP Home Edition. I noticed I could come in as the Administrator in 'Safe Mode' but I do not know how to do it in regular mode. I won't be able to scan my husband's files in his name because I don't know his password. I think I wouldn't be able to scan online in safe mode either so we should probably buy some software?

    Can I assume my computer is 'safer' now...or cleaned up?

    Thank you for all your time and patience. :D It is VERY much appreciated!!!
     
  16. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    One more thing you should do before I am confident you got rid of it.

    In IE where you cleaned out the Temporary Internet Files
    (Tools > Internet-options > general Tab > delete Files)
    Repeat that but put a checkmark in the "Include off-line content" box.

    Then read: Why did I get infected in the first place

    Regards,

    Pieter
     
  17. Scion7

    Scion7 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    10
    Alright :)

    I deleted the off-line content too.

    I started reading some of the stuff (Then read: Why did I get infected in the first place) But I will read it more thoroughly later.

    Thanks again for all your kind help.
     