THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTTIME FOR THE SYSTEM TO WORK PROPERLY :
--------------------------------------------------------------------------------
o4 - hklm\..\run: [loadqm] loadqm.exe
o4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
What do I do to stop these programs loading at boottime then?
My settings are already to show all files, but I forgot to reboot after the last scan so I’ll reboot PC and rerun scan to see if C:\SEXO120gb has gone.
What do I do to stop these programs loading at boottime then?
Just remove the entries using HijackThis; basically they're programs that are not vital to the system, so this stops them starting up at boot time, which saves time. They can be run manually from Windows if ever needed, though.
Lee,
Results of latest scan after rebooting are attached.
Unfortunately C:\SEXO120gb is still there.
Any more ideas on getting rid of it?
pjfb
Logfile of HijackThis v1.99.1
Scan saved at 13:27:46, on 06/03/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Log created on : 06-03-2005 07:03:15
Analyzer version : 11
bad.dat version : 33
good.dat version : 35
rec.dat version : 26
dasb.dat version : 7
sus.dat version : 14
fire.dat version : 3
CHECKING HIJACKTHIS, WINDOWS, INTERNET EXPLORER AND FIREWALL :
You are using the latest version of Internet Explorer.
Software firewall detected.
GENERAL INFORMATION :
All items in the original HijackThis log file which
are not shown here need further investigation.
Also please note that the following item is not listed in the safe items:
O4 - HKLM\..\Run: [SEXO120gb] C:\SEXO120gb\SEXO120GB[1].EXE -t
and I would therefor also correct this item.
Are you just deleting it to recycle bin, or fully deleting the folder?
What scanners have you run? Were they up to date?
If you kill all processes apart from System tray and Explorer (Alt + Ctrl + Del), then delete the folder and remove the key using HijackThis, does it work?
The problem is “O4 - HKLM\..\Run: [SEXO120gb] C:\SEXO120gb\SEXO120GB[1].EXE -t” and the corresponding folder keeps coming back; we realise it's a bad malware
Are you just deleting it to recycle bin, or fully deleting the folder?
What scanners have you run? Were they up to date?
I haven’t been able to delete it because I can’t find it! >:(
I ran a Find for it on the C: drive, using the standard Windows Find functionality in the Start menu. Is there some other sort of scanner I can download to hunt the little bleeder down? ???
Also,
Just remove the entries using HijackThis; basically they're programs that are not vital to the system, so this stops them starting up at boot time, which saves time. They can be run manually from Windows if ever needed, though.
Do you mean I should tick these entries in HijackThis and click the Fix button? But won’t that delete them entirely? :-\
I haven't been able to delete it because I can't find it!
I ran a Find for it on the C: drive, using the standard Windows Find functionality in the Start menu. Is there some other sort of scanner I can download to hunt the little bleeder down?
Hmm, very strange. When you go to Start > Run, there should be an advanced option below; there should be an option there to search for hidden files and folders, and subfolders. Make sure they're checked and search again.
If that still does not find anything, go to My Computer > C, then look for “SEXO120gb”. If it's not there, then it's probably gone by now, so just remove “O4 - HKLM\..\Run: [SEXO120gb] C:\SEXO120gb\SEXO120GB[1].EXE -t” and reboot; it should then be gone.
Also,
Quote
Just remove the entries using HijackThis; basically they're programs that are not vital to the system, so this stops them starting up at boot time, which saves time. They can be run manually from Windows if ever needed, though.
Do you mean I should tick these entries in HijackThis and click the Fix button?
Yes
But won't that delete them entirely?
No, only the start up Reg key. The program itself will remain and will be fully usable.
Hmm, very strange. When you go to Start > Run, there should be an advanced option below; there should be an option there to search for hidden files and folders, and subfolders. Make sure they're checked and search again.
If that still does not find anything, go to My Computer > C, then look for "SEXO120gb". If it's not there, then it's probably gone by now, so just remove "O4 - HKLM\..\Run: [SEXO120gb] C:\SEXO120gb\SEXO120GB[1].EXE -t" and reboot; it should then be gone.
Done all that, but no joy.
Also, hadn't noticed before, but when I tick it in HijackThis, press the Fix Checked button and then do another Scan, it's still there. In other words the Fix isn't fixing it. Tough little so-and-so, eh?
However, thought of another line of attack: instead of entering sexo120gb in the “Named” box of the Find program, I entered it in the “Containing” text box and searched the C: drive again. This time it found it in various places, which are presumably the ones where the virus (or whatever it is) is lurking. I don’t know how to post the complete results of the Search here, but the main file locations seem to be (all in C:\WINDOWS):
A DAT file called System
A DAT file called User
A file called ShellconCache
A LOG file called f-mydoom.log (I caught the Mydoom virus some months ago and had to download a fix for it)
A Registration Entries file called regLocal attached to a SpyBot backup
No you can't. Unless you are a programmer.
1 & 2 belong to the registry.
3 is the icon cache file (I assume you made a typo since it is named ShellIconCache)
4 that log could have been created by the fix. (You shouldn't have needed a fix because you would have never been infected if you had kept your system up-to-date)
5 is a file from spybot S&D
Click on the link in my signature and follow the instructions in the malware removal section. That will make sure that your system is clean. For help with HijackThis, same link but then of course the HijackThis section.
1. A DAT file called System
2. A DAT file called User
3. A file called ShellconCache
4. A LOG file called f-mydoom.log (I caught the Mydoom virus some months ago and had to download a fix for it)
5. A Registration Entries file called regLocal attached to a SpyBot backup
Can I use this info to get at it in any way?
I'm not sure they're related. Have you done a thorough scan with Avast set to scan inside archives? I take it you have scanned with Ad-Aware and Spybot as well.
Also try this: open MS-DOS (Start > Programs > Accessories (I think)) and then type DEL C:\SEXO120gb
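Added example (not part of the thread and not HijackThis's own code): the thread reports that an O4 entry is still listed after Fix Checked and a rescan, so this sketch parses the O4 startup lines from two scans and lists the fixed entries that came back. The function names and both sample logs are constructed for illustration; the line formats are the ones quoted above.

```python
import re

# Registry autorun form:  O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.I)
# Startup-folder form:    O4 - Startup: name.lnk = target
LNK_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<name>[^=\[]+?) = (?P<cmd>.+)$", re.I)

def parse_o4(log_text):
    """Return {(location, name): command} for every O4 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            key = (m["loc"].lower(), m["name"].strip().lower())
            entries[key] = m["cmd"].strip()
    return entries

def survived_fix(before, after, fixed_names):
    """Entries that were ticked and fixed but are present again in the next scan."""
    want = {n.lower() for n in fixed_names}
    old, new = parse_o4(before), parse_o4(after)
    return sorted(
        (loc, name, new[(loc, name)])
        for (loc, name) in old
        if name in want and (loc, name) in new
    )

# Constructed sample scans built from the O4 lines quoted in the thread.
BEFORE = r"""
O4 - HKLM\..\Run: [loadqm] loadqm.exe
O4 - HKLM\..\Run: [SEXO120gb] C:\SEXO120gb\SEXO120GB[1].EXE -t
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [SEXO120gb] C:\SEXO120gb\SEXO120GB[1].EXE -t
"""

if __name__ == "__main__":
    fixed = ["loadqm", "SEXO120gb", "Exif Launcher.lnk"]
    for loc, name, cmd in survived_fix(BEFORE, AFTER, fixed):
        # A fixed entry that returns is being written back by something,
        # so the writer has to be stopped before the value is removed.
        print(f"re-created after fix: {loc} [{name}] -> {cmd}")
```

An entry reported here is the case the earlier reply addresses by ending running processes before deleting the folder and the Run value.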