infection
- Thread starter scroudt
- Start date
ghost
Active Member
well I tried mcafee, and it didn't even pick it up. spy bot search and destroy took care of content.IE%\CLY7CTEJ\SpyGuardinstaller[1].exe, but system32\vpxnk.dll is still there. Norton anti virus picks it up, but doesn't delete it, and I can manually delete it. I'm thinking that if i start my comp up in safe mode I should be able to delete it like that.
what do you guys think?
safe mode, delete manually?
or something else?
what do you guys think?
safe mode, delete manually?
or something else?
scroudt
'Buzz' seems to be busy right now so your going to need some specialty tools for your cleanup.Go here and follow the steps carefully and let us know how things turn out.
http://forums.majorgeeks.com/showthread.php?t=88420
'Buzz' seems to be busy right now so your going to need some specialty tools for your cleanup.Go here and follow the steps carefully and let us know how things turn out.
http://forums.majorgeeks.com/showthread.php?t=88420
scroudt
If you want to be sure, follow these steps i listed in another thread here.
http://www.computerforum.com/showthread.php?t=50557
If you want to be sure, follow these steps i listed in another thread here.
http://www.computerforum.com/showthread.php?t=50557
well things are running better, but with the last online scan that I did it still picked a few things up.
C:\Program Files\Norton AntiVirus\Quarantine\30FF05C8.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP304\A0047802.tlb Infected: Trojan-Downloader.Win32.Zlob.xz skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048166.exe Infected: Trojan-Downloader.Win32.Zlob.xn skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.xt skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.xt skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP307\A0049510.dll Infected: Trojan.Win32.Agent.qg skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP308\A0049564.exe Infected: Trojan-Downloader.Win32.Zlob.xz skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP308\A0049565.exe Infected: Trojan-Downloader.Win32.Zlob.xt skipped
C:\WINDOWS\system32\ld101.tmp Infected: Trojan-Downloader.Win32.Zlob.xt skipped
C:\WINDOWS\system32\simpole.tlb Infected: Trojan-Downloader.Win32.Zlob.xz skipped
how can I remove these?
C:\Program Files\Norton AntiVirus\Quarantine\30FF05C8.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP304\A0047802.tlb Infected: Trojan-Downloader.Win32.Zlob.xz skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048166.exe Infected: Trojan-Downloader.Win32.Zlob.xn skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.xt skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.xt skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP306\A0048198.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP307\A0049510.dll Infected: Trojan.Win32.Agent.qg skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP308\A0049564.exe Infected: Trojan-Downloader.Win32.Zlob.xz skipped
C:\System Volume Information\_restore{70E9976F-33A6-4B8D-9456-7A85DEE49E98}\RP308\A0049565.exe Infected: Trojan-Downloader.Win32.Zlob.xt skipped
C:\WINDOWS\system32\ld101.tmp Infected: Trojan-Downloader.Win32.Zlob.xt skipped
C:\WINDOWS\system32\simpole.tlb Infected: Trojan-Downloader.Win32.Zlob.xz skipped
how can I remove these?
Last edited:
As i expected, a specialty cleaning tool is needed.Please do the following.
Download SmitfraudFix here http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Copy/paste the content of that report here and if infection is present, will proceed further with this tool.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes.
Download SmitfraudFix here http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Copy/paste the content of that report here and if infection is present, will proceed further with this tool.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes.