#1
Help please with VX2, IGETNET, ugroup and popups
I have somehow become infected with VX2, IGETNET, ugroup and popups.
I seem to have made progress with igetnet, but not the others.

I have run the latest McAfee, Spybot and Ad-Aware. I have used Ad-Aware's VX2 removal tool but it reports "system clean", yet Ad-Aware continues to find VX2 files. I try to delete, but always at least ONE file is in use. I have rebooted to COMMAND PROMPT and deleted what files I could find that were trying to be deleted, but one or two I have not been able to find.

I keep getting popups every several moments; they usually want to sell me either a spyware package, or a performance package (can you spell BLACKMAIL?)

Please help! I am afraid to send or receive email, and being on the WEB is a real pain. (Even though the popups come when I am not on the web, they come at a much higher rate when I am.)

Also, on boot up, I get a rundll error "An exception occurred while trying to run ""c:\windows\system32\filename.dll",UMonitor"

TIA
Mc
#2
Help please with VX2, IGETNET, ugroup and popups
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt297.zip

Extract the contents of the ZIP file and place the contents in the same directory as SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your platform and clean/delete any infectors/parasites found. (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *

Dave

"Mctabish johnsonclan.net" mc@ nospam wrote in message news:djLvd.261249$R05.174154@attbi_s53...
| I have somehow become infected with VX2, IGETNET, ugroup and popups.
| I seem to have made progress with igetnet, but not the others.
|
| I have run the latest McAfee, Spybot and Ad-Aware. I have used Ad-Aware's VX2
| removal tool but it reports "system clean", yet Ad-Aware continues to find
| VX2 files. I try to delete, but always at least ONE file is in use. I have
| rebooted to COMMAND PROMPT and deleted what files I could find that were
| trying to be deleted, but one or two I have not been able to find.
|
| I keep getting popups every several moments; they usually want to sell me
| either a spyware package, or a performance package (can you spell BLACKMAIL?)
|
| Please help! I am afraid to send or receive email, and being on the WEB is a
| real pain. (Even though the popups come when I am not on the web, they come
| at a much higher rate when I am.)
|
| Also, on boot up, I get a rundll error "An exception occurred while trying to
| run ""c:\windows\system32\filename.dll",UMonitor"
|
| TIA
| Mc
#3
Help please with VX2, IGETNET, ugroup and popups
Downloaded Trend (already had Ad-Aware 1.05).
Trend could not open all files (access denied). It did not find anything with the files it opened. Log attached below.

Ad-Aware still found critical, but could not remove one of the files - C:\WINDOWS\system32\ennql1551.dll (one that Trend could not access).

I DID do this in SAFE MODE.

What else can I do?

Thanks
Mc
"David H. Lipman" wrote in message ...

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt297.zip

Extract the contents of the ZIP file and place the contents in the same directory as SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your platform and clean/delete any infectors/parasites found. (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *

Dave

"Mctabish johnsonclan.net" mc@ nospam wrote in message news:djLvd.261249$R05.174154@attbi_s53...
| I have somehow become infected with VX2, IGETNET, ugroup and popups.
| I seem to have made progress with igetnet, but not the others.
|
| I have run the latest McAfee, Spybot and Ad-Aware. I have used Ad-Aware's VX2
| removal tool but it reports "system clean", yet Ad-Aware continues to find
| VX2 files. I try to delete, but always at least ONE file is in use. I have
| rebooted to COMMAND PROMPT and deleted what files I could find that were
| trying to be deleted, but one or two I have not been able to find.
|
| I keep getting popups every several moments; they usually want to sell me
| either a spyware package, or a performance package (can you spell BLACKMAIL?)
|
| Please help! I am afraid to send or receive email, and being on the WEB is a
| real pain. (Even though the popups come when I am not on the web, they come
| at a much higher rate when I am.)
|
| Also, on boot up, I get a rundll error "An exception occurred while trying to
| run ""c:\windows\system32\filename.dll",UMonitor"
|
| TIA
| Mc
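
The situation reported in post #3, as an added example that is not part of the thread: a short Python triage of the "Access is denied" lines in a Sysclean log, separating registry hive files (which the running Windows keeps open itself) from executables the scanner could not read, such as the ennql1551.dll named in the post. The line format is assumed to match the attached log; the sample lines and the hive and extension lists are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed line format, modelled on the Sysclean log attached to post #3:
#   <date>, <time>, An error occurred while scanning file "<path>": Access is denied.
DENIED = re.compile(
    r'^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}, '
    r'An error occurred while scanning file "(?P<path>[^"]+)": Access is denied\.'
)

# Registry hives are held open by Windows itself, so a scanner running inside
# that installation (Safe Mode included) cannot read them. That is normal.
USER_HIVES = {"ntuser.dat", "usrclass.dat"}
SYSTEM_HIVES = {"default", "sam", "security", "software", "system"}
# Illustrative list of code-bearing extensions; extend as needed.
EXECUTABLE_SUFFIXES = {".dll", ".exe", ".sys", ".ocx"}


def classify(path: str) -> str:
    """Return 'expected', 'review' or 'other' for one unreadable file."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    # Hive transaction logs sit beside the hive: ntuser.dat.LOG, SAM.LOG, ...
    stem = name[:-4] if name.endswith(".log") else name
    if stem in USER_HIVES:
        return "expected"
    if stem in SYSTEM_HIVES and p.parent.name.lower() == "config":
        return "expected"
    if p.suffix.lower() in EXECUTABLE_SUFFIXES:
        return "review"  # code the scanner never got to inspect
    return "other"


def triage(log_text: str) -> dict:
    """Group the paths from access-denied lines by classification."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = DENIED.match(line.strip())
        if m:
            buckets[classify(m["path"])].append(m["path"])
    return dict(buckets)


# Constructed sample lines (user name and timestamps are made up).
SAMPLE_LOG = r'''
2004-12-14, 19:54:10, An error occurred while scanning file "C:\Documents and Settings\User\NTUSER.DAT": Access is denied.
2004-12-14, 19:54:10, An error occurred while scanning file "C:\Documents and Settings\User\ntuser.dat.LOG": Access is denied.
2004-12-15, 00:12:46, An error occurred while scanning file "C:\WINDOWS\system32\ennql1551.dll": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2004-12-15, 00:17:17, Running scanner "C:\virus\VSCANTM.BIN"...
'''

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(bucket)
        for path in paths:
            print("   ", path)
```

A "0 files containing viruses" summary says nothing about the files in the `review` bucket, because the scanner never opened them.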
#4
Help please with VX2, IGETNET, ugroup and popups
"Mctabish johnsonclan.net" mc@ nospam wrote in message news:djLvd.261249$R05.174154@attbi_s53...

I have somehow become infected with VX2, IGETNET, ugroup and popups.
I seem to have made progress with igetnet, but not the others.

I have run the latest McAfee, Spybot and Ad-Aware. I have used Ad-Aware's VX2 removal tool but it reports "system clean", yet Ad-Aware continues to find VX2 files. I try to delete, but always at least ONE file is in use. I have rebooted to COMMAND PROMPT and deleted what files I could find that were trying to be deleted, but one or two I have not been able to find.

I keep getting popups every several moments; they usually want to sell me either a spyware package, or a performance package (can you spell BLACKMAIL?)

Please help! I am afraid to send or receive email, and being on the WEB is a real pain. (Even though the popups come when I am not on the web, they come at a much higher rate when I am.)

Also, on boot up, I get a rundll error "An exception occurred while trying to run ""c:\windows\system32\filename.dll",UMonitor"

TIA
Mc

I'm not familiar with what you call "ugroup", but you can get a VX2 removal tool here:
http://subratam.org/?page=removal

Bob