Question

Removing W32.Spybot.Worm from a Windows Vista machine. Please help.

Asked by: dudio

Hello everybody,

Yesterday I downloaded a YouTube file sent by a friend (dumb, I know; it's the first time I've done it and here we go) and my Norton Security Center detected two W32.Spybot.Worm viruses after that. It said it could not eliminate them and the relevant information section on the Symantec website does not mention anything about removing it from Windows Vista. I am not using that laptop now as I am really worried about having my personal info sent to a damn criminal and I have all my work files there.

Here are the questions:

1) How can you remove the W32.Spybot.Worm virus from Windows Vista?
2) Are there any programs that can completely delete it? I am willing to pay.
3) If not, how can you manually do that?
4) Will my laptop be completely safe and clean afterwards?
5) How can I protect myself from such viruses in the future? Norton Security Center did not stop it, so I am looking for something else.

Please let me know and thank you so much for your help.

Thanks,
Dudio

This Question has been solved and asker verified.

Asked On: 2007-12-21 at 06:13:06, ID: 23038139
Tags: vista
Topics: Anti-Virus, Networking Security Vulnerabilities, Windows Vista
Participating Experts: 3
Points: 500
Comments: 67


Answers

 

by: IndiGenus Posted on 2007-12-21 at 06:33:00 ID: 20513674

Hi Dudio,
Sorry to hear of your troubles. Good questions too but let's first address cleaning.

It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Please upload the log at EE-Stuff.com
Use the link below and log in using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on the "Expert Area" tab
Type or paste the link to your Question
"Browse" your PC to the location of your HijackThis log and click "Upload"
Copy the resulting "url" and post it back here.

If you have problems with that then just copy and paste the log into a Code Snippet window.



 

by: dudio Posted on 2007-12-21 at 06:43:23 ID: 20513759

Thanks. I will do that now. I guess I will have to connect to the internet from the infected laptop then. Will be back in a few minutes.

 

by: IndiGenus Posted on 2007-12-21 at 06:45:31 ID: 20513774

If you have another PC just put it onto a flash drive or CD and run/install from there. If you do have to connect just do so quickly and I don't think the risk is too high of further damage at this point. If so we'll deal with it...

 

by: dudio Posted on 2007-12-21 at 07:01:59 ID: 20513911

One thing, right after I started running the program, I got this message: For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

   notepad C://Windows/System32/drivers/etc/hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

For Vista, simply exit HijackThis and run as administrator (this is shortened, I closed the program before copying it).

I tried to do that but it said HijackThis was already running, even though I closed it. I'm restarting now to try again. Please let me know if there is anything I have to do in this case.

Thank you very much.

 

by: dudio Posted on 2007-12-21 at 07:07:14 ID: 20513950

I got the log file. I'll upload it now.

 

by: IndiGenus Posted on 2007-12-21 at 07:09:44 ID: 20513977

Yes, normal message for Vista...not a problem. You can just OK it and HJT will finish running.

 

by: dudio Posted on 2007-12-21 at 07:14:05 ID: 20514019

Ok file uploaded. I hope it gives you a good idea about what's happening.

Thanks a lot buddy. :)

 

by: dudio Posted on 2007-12-21 at 07:16:13 ID: 20514039

 

by: Firstedition0 Posted on 2007-12-21 at 07:31:53 ID: 20514171

You need to remove these in HijackThis
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Then follow instructions from site below
Downloadware removal instructions
http://www.spywareremove.com/removeDownloadWare.html

 

by: dudio Posted on 2007-12-21 at 07:33:29 ID: 20514184

Thank you very much. I don't know how to delete files in HijackThis but I will try to do it now.

 

by: IndiGenus Posted on 2007-12-21 at 07:34:21 ID: 20514194

Not seeing anything there...though HJT does not see everything by any means. Have you used the removal instructions at Symantec?
http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99&tabid=3

Does it give you the name of the file(s) and where it's located?

You could also try running Kaspersky online scanner. It won't fix anything but it is VERY thorough and will identify where it is. It does take a while to run but if all else fails this should find it.

http://www.kaspersky.com/virusscanner]Kaspersky Online Scanner

Make sure to do a full system scan (My Computer). Save the report at the end and upload for review.

 

by: IndiGenus Posted on 2007-12-21 at 07:35:51 ID: 20514208

Sorry, Kaspersky link I gave is broken. Here is correct one.

http://www.kaspersky.com/virusscanner

 

by: Firstedition0 Posted on 2007-12-21 at 07:36:24 ID: 20514214

Run HijackThis again and put a check in the boxes next to what you want to delete, then click FIX CHECKED near bottom left.

 

by: dudio Posted on 2007-12-21 at 07:37:15 ID: 20514223

Thank you very much guys. I am working on it now.

 

by: IndiGenus Posted on 2007-12-21 at 07:39:46 ID: 20514239

>""O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe""<

Good catch Firstedition0, missed that...thanks.

>""O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)""<

This is Windows Live Messenger...always shows "no file", not sure why?
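
As an added example (not part of the original thread, and not HijackThis's own logic): a small Python triage pass over a HijackThis log that surfaces the kinds of lines the experts picked out above, `(no file)` browser helper objects and `RunOnce` autoruns, plus services reported with `Unknown owner`. The heuristics, the function names and the `updater` line in the sample are assumptions made for illustration; a flagged line means "look at it", not "malicious" (the thread itself identifies the `(no file)` BHO as Windows Live Messenger).

```python
import re
from dataclasses import dataclass, field

# Result lines look like "<section> - <body>", e.g. "O4 - HKLM\..\Run: [ccApp] ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: "<hive>\..\<Run key>: [<value name>] <command line>".
AUTORUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Assumption for this example: writing under these roots normally needs admin rights,
# so autoruns that live elsewhere deserve a second look.
PROTECTED_ROOTS = ("c:\\program files\\", "c:\\windows\\",
                   "%programfiles%\\", "%windir%\\")


@dataclass
class Entry:
    section: str
    body: str
    notes: list = field(default_factory=list)


def parse_log(text):
    """Return the R*/O* result lines; the header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def review(entry):
    """Attach review notes to one entry (illustrative heuristics only)."""
    notes = []
    if entry.section in ("O2", "O3", "O9") and entry.body.endswith("(no file)"):
        notes.append("registered browser component has no file on disk")
    if entry.section == "O23" and " - Unknown owner - " in entry.body:
        notes.append("service binary reports no company name")
    m = AUTORUN_RE.match(entry.body) if entry.section == "O4" else None
    if m:
        if m["key"].startswith("RunOnce"):
            notes.append(f"{m['key']} autorun: one-shot entry, confirm what scheduled it")
        cmd = m["cmd"].lstrip('"').lower()
        # Only judge absolute drive paths; bare names such as rundll32.exe are skipped.
        if re.match(r"[a-z]:\\", cmd) and not cmd.startswith(PROTECTED_ROOTS):
            notes.append("autorun outside Program Files/Windows")
    return notes


def triage(text):
    """Parse a log and return only the entries that picked up at least one note."""
    flagged = []
    for entry in parse_log(text):
        entry.notes = review(entry)
        if entry.notes:
            flagged.append(entry)
    return flagged


# Sample input: lines quoted in this thread, plus one constructed line
# (the [updater] entry) to exercise the path check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [updater] C:\Users\Example\AppData\Local\Temp\updater.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:>3}  {e.body}")
        for note in e.notes:
            print(f"       -> {note}")
```
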

 

by: dudio Posted on 2007-12-21 at 07:42:03 ID: 20514246

Ok, it's great to have two experts here. :) I have already deleted the first one. Should I delete the second then or does it belong to the harmless Live Messenger?

 

by: Firstedition0 Posted on 2007-12-21 at 07:47:34 ID: 20514285

You can leave the
>""O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)""<
as it is showing deactivated in hijackthis if you wish

 

by: dudio Posted on 2007-12-21 at 07:50:44 ID: 20514312

Thanks again. Should I go to http://www.kaspersky.com/virusscanner and do what IndiGenus recommended now or is this unnecessary now that you found the part you asked me to remove? If I should skip that point, should I go ahead with http://www.spywareremove.com/removeDownloadWare.html?

Thank you IndiGenus and Firstedition0. I really appreciate it.

 

by: Firstedition0 Posted on 2007-12-21 at 07:57:20 ID: 20514365

Do the scan first as IndiGenus asked. After the scan, see if anything is left by doing the Downloadware removal instructions.
Then please do a new HijackThis log and post it back here along with anything relevant from the Kaspersky scan.

 

by: dudio Posted on 2007-12-21 at 07:59:49 ID: 20514379

Ok, I'll do so. Thanks.

 

by: dudio Posted on 2007-12-21 at 08:18:34 ID: 20514535

It's still scanning. Please bear with me guys. :)

 

by: Firstedition0 Posted on 2007-12-21 at 08:26:46 ID: 20514608

Online scans can take some time. As it is, I will be away from the computer for a while (got to work at some point).

 

by: dudio Posted on 2007-12-21 at 08:30:01 ID: 20514630

Hehe thanks. Yes me too. It is only at 10% now (was stuck at 9% for a long time and has been stuck at 10% for a while now as well, I hope that is normal). I am a bit worried because now the connection is on and I fear that the virus will exploit the system. All my personal information is there.

 

by: IndiGenus Posted on 2007-12-21 at 09:00:31 ID: 20514861

I could be wrong dudio but I don't think you have any backdoors or bots going on here. Unless they are well hidden with a rootkit....I wouldn't worry too much about further exploits. And yes Kaspersky can take quite a while, especially with the amount of files on a Vista machine.

 

by: dudio Posted on 2007-12-21 at 09:03:50 ID: 20514893

Thanks IndiGenus. I really hope there is no serious security threat as you think. The program has been running for 46 minutes and only 29% has been completed. Incredibly slow and I am using a 3MB connection. I will wait for it and keep you updated. Hope that you will still be around. :)

Thanks again for your time and effort.

 

by: IndiGenus Posted on 2007-12-21 at 09:20:22 ID: 20514982

Ya it's not really the connection speed it's more of how many files total, and how many infections...

Might be a bit late but just thought of something. Many times these things are just in restore points. Had you tried just resetting system restore to see if that removes them? Kaspersky will also identify any there too...

 

by: dudio Posted on 2007-12-21 at 09:25:20 ID: 20515018

No I have not. I have no idea about how that is done. The Symantec page that talks about W32.Spybot.Worm mentions something like this but it only gives the instructions for XP and ME. I have not found a single website where they teach you how to fix this in Vista and that is why I am here.

Anyway, 33% is completed; so far nothing is found. I really hope Kaspersky finds everything out so that we proceed to eliminating them.

Thanks IndiGenus,

 

by: IndiGenus Posted on 2007-12-21 at 09:47:01 ID: 20515139

I'll cheat here on this one....Google is your friend.

Vista System Restore:
Add to instructions...after turning it off and before turning back on again, restart your computer.

http://vistasupport.mvps.org/turn_off_system_restore.htm

 

by: dudio Posted on 2007-12-21 at 09:52:32 ID: 20515167

Thanks, I will check that link now. Kaspersky has finished the scan (last time I looked it was 49% completed, but I looked now and it is finished. Don't know why the second 50% finished so fast. I hope nothing is wrong). It says that No malware has been detected. Is that a reliable result or could they be hidden now? In any case, I will save the report and post it in a minute.

 

by: dudio Posted on 2007-12-21 at 09:57:45 ID: 20515200

I'm trying to "Save the report as" and it is not allowing me to save it anywhere. It says it should save it in the temporary files for security reasons. However, after I do save it and it opens the temporary files folder, I cannot find it anywhere. Any advice please? I'm using IE7. Thanks.

 

by: IndiGenus Posted on 2007-12-21 at 10:02:07 ID: 20515233

If it didn't find anything then there really isn't anything to report...

I think the results are reliable.

Try ID: 20514171 from Firstedition0 and also system restore if you haven't already. Wondering if false positive. Does Norton give you any details? File? Location?

 

by: dudio Posted on 2007-12-21 at 10:09:12 ID: 20515294

Norton did give me details but it is not finding anything now. I will check that now and let you know. Thanks.

 

by: dudio Posted on 2007-12-21 at 10:19:05 ID: 20515370

Both files infected were in the recycle bin. Both of them end with .exe and I have not executed them. My recycle bin is empty now and a fast analysis does not find anything. I have also defragmented the computer yesterday to empty all unnecessary files etc. Does this do anything? Keep in mind that Norton couldn't do anything to any of the two files. I'm finding this information now under the Unresolved problems (it's in Spanish, so that I think is the English translation) in the History section.

Thanks.

 

by: IndiGenus Posted on 2007-12-21 at 10:26:21 ID: 20515411

Ahh! Ya if you didn't execute them then you likely were never really infected. Although having them is NOT a good thing. Just to clear up, defragging does not remove any files, only organizes. If you don't like the Windows way of doing it there are a couple of nice free tools for cleaning up temp files, recycle bin, cache, etc....

ATFCleaner: http://www.atribune.org/content/view/19/2/
CCleaner: http://www.ccleaner.com/

Both are good. I use both myself at different times, about once a week.

 

by: dudio Posted on 2007-12-21 at 10:35:45 ID: 20515465

I hope that is the case! Anyway, I have just disabled system restore and restarted. When I checked system restore, it was on and it said that the last system restoration took place around two hours ago. Is this normal? Now after deactivating, it says point of restoration is nothing (or something similar in English, Spanish translation again). Should I turn it on now after I have restarted? Also, should Norton find the virus again if it is still there? I remember there were two alerts from Norton when I opened that rar file saying that worm (name) was blocked and that the system is safe. That's why I made a full system check and found the viruses.

Thanks for your help IndiGenus. I'm leaving to a place where there is no computer service in two days and tomorrow is a holiday so you're really saving my Christmas as my computer is very essential for me. Thanks!

 

by: IndiGenus Posted on 2007-12-21 at 10:43:35 ID: 20515520

You're welcome.

You should turn system restore back on, yes.

I would also recommend updating and running a full system scan with Norton just to make sure, preferably in Safe Mode as they advise on their site.

Sounds like Norton actually blocked the files from infecting your PC, but did not remove them. So I think you're OK. Wish everyone was this vigilant about these things.

Good luck and Happy Holidays!
Dave

 

by: dudio Posted on 2007-12-21 at 10:49:15 ID: 20515552

Thanks again. :) I will do a full system scan in Safe Mode now and see what happens. If nothing is found it means no risks are there and I can use my laptop without any worries, right? I hope so.

Anyway, I will keep this opened just in case and I will report back when everything is completed. Take care buddy and Happy Holidays to you too!

 

by: dudio Posted on 2007-12-21 at 11:04:42 ID: 20515637

One thing. I have installed SpyHunter and along with 7 pretty harmless cookies (annoying brands I know like adbrite and DoubleClick), it found a trojan called Trojan.Vundo. It explains it in the following way:

Vundo is a trojan downloader which may secretly install itself on your PC via browser exploits and other security holes. Once it is active on your computer, Vundo will download and display large number of popup adverts. In addition, this parasite may download and install additional obtrusive adware programs. This trojan can be extremely difficult to remove manually, and may cause serious system instability and PC slowdowns.

How can I remove that? SpyHunter won't allow me to remove it before registering and buying a copy. Is it worth it to buy a copy and remove it this way or should I remove it using another method? Hope you can help. Thanks.

 

by: IndiGenus Posted on 2007-12-21 at 11:35:58 ID: 20515844

I have not used Spy Hunter. It is not on the rogue list but I honestly would not trust it and would certainly never pay for it myself. There are much better trusted apps like SpySweeper and Spyware Doctor.

Vundo is a nasty trojan that needs special tools to remove. Even the other programs I mentioned won't remove it. You need a special tool like Vundofix or even better now Combofix. And these should be run with an expert's help.

You can post another HJT log for us to look at. Vundo will show in there (or it will hide 02 and 020 entries which will indicate its presence) ... Vundo will cause severe system slow down, pop ups (even when not using IE), and redirects. Are you experiencing any of these?

 

by: IndiGenus Posted on 2007-12-21 at 11:37:29 ID: 20515849

Just found a review on Spy Hunter here. Not good...

http://www.download.com/SpyHunter/3000-2144_4-10671093.html

 

by: dudio Posted on 2007-12-21 at 11:44:34 ID: 20515895

Thanks again. No, I'm not experiencing any slow downs, pop ups, or anything alike. I'm experiencing nothing weird at all. I'll make a HJT log now and post it.

So even if I get Combofix I wouldn't be able to fix it myself?

 

by: dudio Posted on 2007-12-21 at 11:53:15 ID: 20515951

Here is the newest Hijackthis log. Please take a look and let me know what has to be done if you can. Thanks. :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:07, on 21/12/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
 
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Leyre\Desktop\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 12807 bytes
                                              
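A small triage pass over HijackThis O4 (Run) and O23 (service) lines like the ones in the log above, added here as an example and not posted by anyone in this thread. The trusted-root list and the two `C:\Users\Public` entries in the sample are assumptions constructed for illustration; a flag means "look at this file first", not "this is malware", since legitimate services in the log above also show "Unknown owner".

```python
import re

# Constructed sample in HijackThis format. Four entries are modelled on the
# log above; the two under C:\Users\Public are invented for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updater] C:\Users\Public\updater.exe /s
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: helper - Unknown owner - C:\Users\Public\helper.exe
"""

# Assumption: install locations treated as "expected" for this triage pass.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\",
                 "c:\\windows\\", "%programfiles%\\")

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<cmd>[A-Za-z]:\\.+)$")


def image_path(cmd):
    """Return the executable path from a command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return (name, path, reasons) for autorun entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line) or O23_RE.match(line)
        if not m:
            continue  # other HijackThis sections are out of scope here
        path = image_path(m.group("cmd"))
        reasons = []
        # Bare names such as rundll32.exe carry no directory to judge.
        if "\\" in path and not path.lower().startswith(TRUSTED_ROOTS):
            reasons.append("path outside Program Files/Windows")
        if m.groupdict().get("owner") == "Unknown owner":
            reasons.append("HijackThis reports Unknown owner")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A file name and a trusted folder are not proof on their own, which is why the experts below still ask for `wininit.exe` to be checked with a scanner.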

 

by: dudio Posted on 2007-12-21 at 12:16:47 ID: 20516096

I will be away for around three hours. I hope you will be around then. Thanks a lot.

 

by: IndiGenus Posted on 2007-12-21 at 13:04:38 ID: 20516327

I'm not seeing any Vundo there. Does Spy Hunter give you any info regarding the infection? File? Location? etc.....

At this point I would not trust Spy Hunter. I plan on running some tests later with it on a freshly installed OS I have. If you had Vundo you would know it....it renders PCs pretty much useless.

 

by: rpggamergirl Posted on 2007-12-21 at 13:55:00 ID: 20516658

C:\Windows\system32\wininit.exe

The above looks like a nasty file, you might like to check that one out --> http://virusscan.jotti.org/
http://www.bleepingcomputer.com/startups/wininit.exe-14276.html

 

by: IndiGenus Posted on 2007-12-21 at 14:22:18 ID: 20516807

""C:\Windows\system32\wininit.exe""

Yes, definitely check...I thought it was OK on Vista though??? Not sure...

 

by: Firstedition0 Posted on 2007-12-21 at 15:23:13 ID: 20517059

C:\Windows\system32\wininit.exe

Hijackthis shows above as Vista related - Starts essential Windows processes
So should be safe.

 

by: dudio Posted on 2007-12-21 at 15:41:20 ID: 20517107

Hi again everybody,

Thanks again for your time and willingness to help. Here is the ''Infection Details'' provided by SpyHunter regarding the trojan:

Item name    Object name     Type            Location
igfxcui      Trojan.Vundo    Registry Key    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\N...

It does not expand it and I found no way to find out the remaining part of the Trojan's location.

On the other hand, is wininit.exe good or bad now? Should I do anything about it? If I should, what do I have to do?

Thank you very much everybody. Looking forward to your valuable help.

 

by: rpggamergirl Posted on 2007-12-21 at 15:49:25 ID: 20517124

Yes, wininit.exe could very well belong to Vista, I don't have Vista that's why I suggested to check that file out, since in XP it's flagged as bad.

I also don't trust any automated analyzers, that's why I was curious of the legitimacy of that file, :)

 

by: dudio Posted on 2007-12-21 at 15:49:41 ID: 20517126

I went to the source of wininit and the creation and modification date is similar to most of the other files there (November 2nd 2006). Just wanted to include that just in case.

 

by: dudio Posted on 2007-12-21 at 15:51:21 ID: 20517136

Ok thanks rpggamergirl. :) I posted my last post before reading yours. Do you still think I should check it with the online scanner you recommended or is it unnecessary now?

 

by: rpggamergirl Posted on 2007-12-21 at 15:59:06 ID: 20517160

winlogon\notify key is ignored in Vista so you don't need to worry about it if that's where the vundo is.

Some scanners might be able to show the whole winlogon\notify key.
In Vista hijackthis can take care of the vundo infection usually, if the entries are showing by merely fixing the relevant entries.

But since winlogon\notify key is ignored in Vista, there is no harm even if vundo uses that key. Though it is good to remove it if you can.


I've googled and saw some Vista users with that file...so it looks like that's a legit file...
But if I may ask.... please check it out if it's not too much trouble......that would then help me decide... for future reference.

 

by: rpggamergirl Posted on 2007-12-21 at 16:04:35 ID: 20517172

>>I went to the source of wininit and the creation and modification date is similar to most of the other files there (November 2nd 2006). Just wanted to include that just in case.<<

Sorry, didn't see your post.......well, it looks like it's legit then, thanks!

 

by: dudio Posted on 2007-12-21 at 16:08:12 ID: 20517184

Thank YOU :) So there is currently nothing to worry about? Can you please recommend a good scanner to make sure everything is Ok now and try to remove the Trojan? I meanwhile will make a full scan with Norton Security Center in the Safe Mode and will post back the results here. Is there any way this virus can ''hide'' from Norton? And finally, if everything is ok now, what is the best (or combination of) software I should use to protect my PC? Any tips and help would be great.

Thanks again. I REALLY appreciate it.

 

by: IndiGenus Posted on 2007-12-21 at 16:12:30 ID: 20517194

>""Item name    Object name    Type                 Location
igfxcui         Trojan.Vundo   Registry Key    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\N...""<

igfxcui is part of an Intel Graphics Controller....Why Spy Hunter flags this as bad is beyond me. I would scrap it and go for a proven legit AS program. Here are a couple of good free/trial ones.

AVG: http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.1.43.exe
SuperAntiSpyware: http://www.superantispyware.com/superantispywarefreevspro.html

 

by: dudio Posted on 2007-12-21 at 16:14:47 ID: 20517204

Thanks IndiGenus. I will uninstall it and try the ones you mentioned. I'll post back the results when I'm finished.

 

by: rpggamergirl Posted on 2007-12-21 at 16:23:06 ID: 20517222

1.  You can try doing an online scan with TrendMicro or Panda's Activescan, or Kaspersky.
Using Internet Explorer, run Kaspersky Online Scanner (Kaspersky online won't remove what it finds but you can then remove it if there are nasties found)
http://www.kaspersky.com/virusscanner
   
* Click 'Accept' in the window that pops up.
* You will be prompted to install an ActiveX component from Kaspersky, Click on the information bar and select Install ActiveX Control if so. This may happen more than once. That is OK. You also may get a warning from your Windows Firewall. You can tell it to unblock.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click 'Next'.
* Now click on 'Scan Settings'
* In the scan settings make sure that the following are selected:
          o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
          o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
* Click 'OK'
* Now under 'Select a target to scan' select 'My Computer'
* The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
* Now click on the 'Save Report As...' button:
* Make sure it says Save as a text file - change it if not
* Save the file to your desktop.


2. It's good to have antispyware installed, AVG or SUPERAntispyware is free as an on-demand scanner with all updates, or for a small fee you can have real-time protection.
http://www.superantispyware.com/

3. Also check out this link, "How Did I Get Infected in the First Place?"
If you use IE to browse the web then SpywareBlaster is an excellent addition, no resource hog whatsoever because it doesn't need to be running while protecting you from activeX based malware.
http://forums.spybot.info/showthread.php?t=279

 

by: rpggamergirl Posted on 2007-12-21 at 16:24:21 ID: 20517227

Ooops..didn't see IndiGenus' post, sorry....  please ignore repeated suggestions.

 

by: dudio Posted on 2007-12-21 at 16:28:59 ID: 20517238

Thanks rpggamergirl :). I almost never use IE but I will take a look at AVG as both you and IG recommended it. Thanks again.

 

by: dudio Posted on 2007-12-21 at 17:37:50 ID: 20517391

Here is an update: I have scanned the whole system with AVG Anti-Spyware and have found 15 objects and 31 traces (using AVG's terminology). I am starting to feel better and worry less as the last two different program scans have not found W32.Spybot.Worm. Fourteen out of the fifteen objects found are cookies that I recognise (except for one named ''TrackingCookie.2o7'' and another named ''TrackingCookie.Atdmt''). The remaining object is named ''Adware.RogueSuspect''. All the objects have a risk rating of medium.

I can not find any way to remove or repair the infected files in AVG Anti-Spyware. Please advise on what has to be done now. Should these files be deleted? Do you need to know the locations? How can I delete them? Are these results accurate and should I not worry about any serious risk at this point?

Looking forward to your valuable advice. Thanks again. I really appreciate it.

 

by: IndiGenus Posted on 2007-12-21 at 18:02:41 ID: 20517437

Cookies are totally harmless...

In AVG make sure to set up to quarantine files..

Before scanning....
Click on the Settings tab.
      * Under How to act? - make sure that Quarantine is selected.

When the scan has finished, follow the instructions below:
      * Make sure that Set all elements to: shows Quarantine
.................

 

by: dudio Posted on 2007-12-21 at 18:07:51 ID: 20517447

Thanks IG. I'll follow the steps and rescan. I'm also scanning the system with Super anti spyware now to confirm the results and see if the system is clean now. I'm sorry to repeat the question, but is it safe to assume that there is no major risk now? Are the results obtained by AVG accurate? Should I not worry about a spybot worm anymore or should I keep looking? If I have to keep looking, what tools should I use? Thanks again.

 

by: IndiGenus Posted on 2007-12-21 at 18:28:23 ID: 20517500

>""but is it safe to assume that there is no major risk now?""<
Yes, there isn't anything to indicate otherwise.

>"" Are the results obtained by AVG accurate?""<
Yes, AVG is very reliable and accurate.

>"" Should I not worry about a spybot worm anymore or should I keep looking?""<
I think you're OK...You should do regular scans to prevent all types of malware.

>""If I have to keep looking, what tools should I use?""<
Again...think you're OK...there are no guarantees with this kind of thing though.

Bottom line, there are no guarantees no matter what tools you put in place. Being prudent and NOT opening attachments unless you absolutely know it's safe, downloading P2P/torrents, downloading free smileys and screen savers, etc...

Also, look through the link that rpg gave you from Tony Klein on "How did I get infected in the first place". It's a little dated but still very relevant, and he happens to be one of the most knowledgeable experts out there with regards to this kind of stuff. Good luck...
Hope that helps,
Dave

 

by: dudio Posted on 2007-12-21 at 18:40:48 ID: 20517523

Thanks a lot Dave. SUPERAntiSpyware has been scanning for 42 minutes and it has so far detected 22 items. The threat description there is ''Adware.Tracking Cookie''. I'll see what happens when it finishes and report back.

Thanks again.

 

by: IndiGenus Posted on 2007-12-21 at 18:57:17 ID: 20517554

Cookies, as I said before, are harmless. You can use either the Windows cleanup utilities or ATFCleaner and/or CCleaner to remove them also without having to run spyware tools.

 

by: dudio Posted on 2007-12-21 at 19:02:08 ID: 20517562

Thank you. I will do that.

 

by: dudio Posted on 2007-12-26 at 01:48:28 ID: 31416551

Thank you very much for your time and help. I really appreciate it.
