Help with Win32:Adan-094 [adw] and Win32:Adan-078 [adw]

Hey, for the past few days avast! has been notifying me that these malware programs have been attempting to download onto the computer and offers to “abort connection” but when I use the avast! scan nothing shows up…how can I get rid of these things!?

Here is my hijack this report thingy:

Logfile of HijackThis v1.99.1
Scan saved at 2:42:37 AM, on 10/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Curtis\My Documents\My Received Files\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [dmfvd.exe] C:\WINDOWS\System32\dmfvd.exe
O4 - HKLM..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [Spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://spaces.msn.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip..{06DF763F-7898-430D-B868-08EA4C58C68B}: NameServer = 85.255.113.106,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip..{3C24AB2B-BC33-402F-A75B-9CD6A99FFA02}: NameServer = 85.255.113.106,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip..{06DF763F-7898-430D-B868-08EA4C58C68B}: NameServer = 85.255.113.106,85.255.112.15
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

any help is appreciated!

Hi Curt_101,

The point of the avast! Webshield warnings is that avast! has stopped the malware getting onto your computer, so hopefully your log will be clean. (I’ll do a check just to make sure.)

Webshield blocks internet malware: just click the abort button and carry on browsing! (Although you may want to think twice about browsing a site which is trying to infect you with malware!)

Curt_101,

You need to update your OS and browser, but before that, there are a couple of malware items to clean up!

These random filenames are almost certainly Trojans:

O4 - HKLM..\Run: [dmfvd.exe] C:\WINDOWS\System32\dmfvd.exe

O4 - HKLM..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe

I suggest you run the Ewido anti-Trojan program, as well as a boot time scan with avast! and then check if they are still there. If they are, fix them, reboot into safe mode and delete the files. They may be in temp folders, so run CCleaner to delete all your temp folders.

http://www.ewido.net/en/ (Download, install, update, then run off-line.)
http://www.ccleaner.com/

Download a free firewall as well and install it after you have run the Ewido scan, or at least activate XP’s firewall if you have XP.

HijackThis! Analyzer has highlighted these entries as malware:

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

CastleCops says only ‘open to debate.’ Suggest you remove them if you do not need this toolbar.

This entry should be fixed:

O15 - Trusted Zone: *.musicmatch.com (HKLM)

(Or you can remove this entry from Trusted Zones in IE.)

These entries can be removed as the file is missing:

O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll (file missing)

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

Finally, go to the MS update site and download every critical update: your OS and browser are vulnerable to infection.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done.

So when you are clear, give yourself a fighting chance.
Check out the link to DropMyRights - Browsing the Web and Reading E-mail Safely as an Administrator, in my signature below.
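
An added example, not part of any post in this thread: a small Python triage that runs the two checks the reply above does by hand on a HijackThis log, namely Run entries with throwaway file names and entries marked "(file missing)". The rule "Run value named after its own executable in System32" is an assumed stand-in for "random filename", and the sample input is a subset of lines from the first log (quotes normalised).

```python
import ntpath
import re

# Sample input: a subset of lines from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll (file missing)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [dmfvd.exe] C:\WINDOWS\System32\dmfvd.exe
O4 - HKLM..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
"""

# The forum rendering shows "HKLM..\Run"; HijackThis itself writes "HKLM\..\Run".
RUN_RE = re.compile(r"^O4 - \w+\\?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^["“]?(.+?\.exe)\b', re.IGNORECASE)


def self_named_run_entries(log):
    """Run values named after their own executable sitting directly in System32.

    Assumed heuristic for the 'random filename' pattern; legitimate entries in
    the log use a product name ([SoundMan], [avast!]) rather than the file name.
    """
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        exe = EXE_RE.match(m.group("cmd")) if m else None
        if not exe:
            continue
        path = exe.group(1)
        in_system32 = ntpath.basename(ntpath.dirname(path)).lower() == "system32"
        if in_system32 and ntpath.basename(path).lower() == m.group("name").lower():
            hits.append((m.group("name"), path))
    return hits


def missing_file_entries(log):
    """Entries whose target HijackThis reports as '(file missing)'.

    avast! O23 services are skipped: a later reply in the thread says
    HijackThis 1.99.1 reports those as missing by mistake.
    """
    return [
        line.strip()
        for line in log.splitlines()
        if line.rstrip().endswith("(file missing)")
        and not line.startswith("O23 - Service: avast!")
    ]


if __name__ == "__main__":
    for name, path in self_named_run_entries(SAMPLE_LOG):
        print("review Run entry:", name, "->", path)
    for entry in missing_file_entries(SAMPLE_LOG):
        print("orphaned entry:  ", entry)
```

A hit is a prompt to scan and inspect the file, as the reply advises, not a verdict on its own.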

thanks for the help! I’ll see if this will work for me now :)

Welcome to the forums.

I’ve got the same problem, but for me it seems that I’ve got a serious infection.


ewido security suite - Scan report

  • Created on: 18:20:33, 19-10-2005

  • Report-Checksum: 89D2EFC1

  • Scan result:

    [692] VM_00DA0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [716] VM_00B80000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1684] VM_00A90000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1848] VM_00BF0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [640] VM_003C0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [852] VM_00B10000 → TrojanDownloader.Agent.uj : Error during cleaning
    [856] VM_003B0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [784] VM_003D0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [960] VM_003D0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1204] VM_00AB0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1256] VM_01380000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1276] VM_00AC0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1312] VM_00C70000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1332] VM_00C40000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1608] VM_01C00000 → TrojanDownloader.Agent.uj : Error during cleaning
    [3696] VM_00AD0000 → TrojanDownloader.Agent.uj : Error during cleaning
    [3984] VM_00B10000 → TrojanDownloader.Agent.uj : Error during cleaning
    [1424] VM_00D90000 → TrojanDownloader.Agent.uj : Error during cleaning
    C:\Documents and Settings\nESKk\Cookies\neskk@com[2].txt → Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\nESKk\Cookies\neskk@fastclick[2].txt → Spyware.Cookie.Fastclick : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 18:20:46, on 19-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast!\aswUpdSv.exe
C:\Program Files\Avast!\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\Avast!\ashDisp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CloneCD\CloneCDTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LeechGet\LeechGet.exe
C:\Games\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice\program\soffice.exe
C:\Program Files\Avast!\ashMaiSv.exe
C:\Program Files\Avast!\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Avast!\ashSimpl.exe
C:\Documents and Settings\nESKk\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.21.235.78:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM..\Run: [VirtualCloneDrive] “C:\Program Files\VirtualCloneDrive\VCDDaemon.exe” /s
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM..\Run: [CloneCDTray] “C:\Program Files\CloneCD\CloneCDTray.exe” /s
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [LeechGet] “C:\Program Files\LeechGet\LeechGet.exe” -intray
O4 - HKCU..\Run: [Steam] C:\Games\Steam\Steam.exe -silent
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Analisar com LeechGet - file://C:\Program Files\LeechGet\Parser.html
O8 - Extra context menu item: Download usando Assistente LeechGet - file://C:\Program Files\LeechGet\Wizard.html
O8 - Extra context menu item: Download usando LeechGet - file://C:\Program Files\LeechGet\AddUrl.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip..{3DB5AD00-9FBE-4A01-A021-F5F59A2AD9DE}: NameServer = 85.255.114.103,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip..{72CA9F46-4740-4284-9F14-FCAFF83C3AED}: NameServer = 85.255.114.103,85.255.112.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\WINDOW~4\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I’m pulling my hair out of my head with this annoying %$#%"!
I’ve already tried: AdWare, ewido, CCleaner. Please help me!

For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any O23 reference to avast processes, this is a hiccup in HJT 1.99.1 (especially the missing file entry for avast).
OR HiJackThis Log file - On-line Analysis 2

Check out the unknown and nasty, using google, etc. if you need any help with any of the analysis let us know.

I have had the same problem with these warnings. I just need to mention that one does not (at least eventually) need to be running a browser (and browsing ‘weird’ sites etc) or anything; simply being connected to the internet seems to be more than enough…
Anyway, a thing that I tried and that seems to work so far is the URL blocking option in the Web Shield of avast. More specifically, I blocked this address: http://85.255.* , since the rest changes from time to time. I haven’t run the on-boot scan yet, but am going to in a while.
This trick kinda works so far so good. It probably doesn’t eliminate the problem, but at least stops the non-stopping and extreeeeemly-annoying warnings.

Blocking an address is not resolving the problem just masking it (stopping the warnings), you have to deal with the program/process that is trying to connect there.

I suggest that you follow the advice in FreewheelinFrank’s 2nd post (ignoring any specific file names), run whatever programs he mentioned and also the hijackthis program.

I’ve recently had problems with this pest a couple of times. Deleting the Run entry quoted and deleting the file seems to work. Some time later, yaemu.exe has returned to haunt me again, so I need to find out which site is doing it, and not go back.

Hope this info helps in any way