1.

Solve : Here are my 3 logs. Virus or something else I need to delete ??

Answer»

Quote

EarthLink Accelerator
EarthLink Common Authentication
EarthLink MailBox
EarthLink Wireless High Speed

Have you tried using Revo uninstaller to remove these?

Download Revo Uninstaller

* Open Revo and let the list populate (can take several seconds to finish).
* Right click what you want to uninstall and choose Uninstall
* Next choose Advanced then click Next
* This will (try to) launch the programs built in uninstaller and go through the normal uninstall process.
* If the uninstaller fails just continue on with the Revo instructions.
* Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
* This scan can take several seconds.
* Once the results are shown LOOK at each one to ENSURE they are all related to the program that was uninstalled.
* Choose Select All then click Delete
* Click Next and Revo will scan for any files or folders that were not removed.
* If any files/folders are found choose Select all > Delete

Ok, I think I was successful. I only found one Earthlink program to uninstall. Did I miss anything ? I tried to uninstall Earthlink toolbar, but it gave me a message that said something like, "the uninstaller can only be used with programs that are currently installed".

I was also having a problem with Logitech.....is that still there, too? Thanks in advance !

Quote from: TriciaM on November 14, 2009, 07:33:47 PM
Ok, I think I was successful. I only found one Earthlink program to uninstall. Did I miss anything ? I tried to uninstall Earthlink toolbar, but it gave me a message that said something like, "the uninstaller can only be used with programs that are currently installed".

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is IMPORTANT that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

Driver::
ADSFilter
ADSMonitor
EarthLinkSafeConnectDriver
EarthLinkSafeConnectFilter
EarthLinkSafeConnectShim

Folder::
c:\program files\earthlink

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze


Quote from: TriciaM on November 14, 2009, 07:33:47 PM
I was also having a problem with Logitech.....is that still there, too? Thanks in advance !

What problem?

What model of Logitech QuickCam is it?

Hopefully the combofix log is attached....

[Saving space, attachment deleted by admin]

Ref to Logitech quickcam, I think it is the Fusion. I cannot find the software, but I will look further.

Quote from: TriciaM on November 21, 2009, 07:12:40 PM
Ref to Logitech quickcam, I think it is the Fusion.

If that's it then this is the software.

QuickCam® Fusion http://www.logitech.com/pub/techsupport/quickcam/qc1051enu.exe

If not then the rest of the downloads are here. Webcam software and driver support for Windows


* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
  * Delete the following:
    * ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

The above was done. Thanks.

Ok, I thought I was done....I just got an error message stating that it is not safe to continue and that I may be infected with the file patching virus called "virut"......the error message is the tan/blue window.....

Download Dr.Web CureIt and save it to your desktop.

Scan with DrWeb-CureIt as follows:

  • Double-click on drweb-cureit.exe and then click Start
  • An information notice will appear, click OK.
  • This starts a short scan that will scan the files currently running in memory.
  • If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
  • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Settings > Change Settings
  • Under the Scanning tab UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

It's not done scanning...however...it found this: C:\windows\system32\DSRIRREM.EXE and told me that it is infected with Trojan.Downloader.origin and cannot be cured.

DSRIRREM.EXE;C:\WINDOWS\system32;Trojan.DownLoader.origin;Incurable.Moved.;
gtdownde_110.ocx;C:\WINDOWS\system32;Probably DLOADER.Trojan;Incurable.Deleted.;
RegUBP2b-Tricia & Roger.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
DSRIRREM.EXE;C:\I386;Trojan.DownLoader.origin;Incurable.Moved.;
A0216056.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.DownLoader.origin;Incurable.Moved.;
A0216058.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.StartPage.1505;Deleted.;
A0216059.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.DownLoader.origin;Incurable.Moved.;

There is no indication of a Virut infection.

When the Dr. Web program scanned and moved items (viruses), did I need to do something to those? And hopefully, this isn't a dumb question, but where exactly does the Dr. Web move them to? Thanks for all your help !

Also, I wanted to ask, is it safe to say that these viruses are allowed in by me, by opening attachments, "accepting" on Zone Alarm, or downloading games, etc. ? Thanks again !

I believe the quarantined files go to C:\Program Files\DrWeb\Quarantine or C:\{user profile}\DrWeb\Quarantine

Quote from: TriciaM on November 30, 2009, 07:26:53 PM
Also, I wanted to ask, is it safe to say that these viruses are allowed in by me, by opening attachments, "accepting" on Zone Alarm, or downloading games, etc. ? Thanks again !

Yes, usually they get in by clicking on something. Not all antivirus will stop a rogue program since it isn't actually a virus.
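
The Dr.Web report lines posted earlier in the thread can be triaged programmatically; the following is an added example, not part of any post or of Dr.Web itself. The field order (file; folder; detection; action) is an assumption inferred from the posted lines, and the function names are hypothetical.

```python
import csv
import io
from collections import Counter

# Report lines copied from the log posted in this thread.
SAMPLE_REPORT = r"""DSRIRREM.EXE;C:\WINDOWS\system32;Trojan.DownLoader.origin;Incurable.Moved.;
gtdownde_110.ocx;C:\WINDOWS\system32;Probably DLOADER.Trojan;Incurable.Deleted.;
RegUBP2b-Tricia & Roger.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
DSRIRREM.EXE;C:\I386;Trojan.DownLoader.origin;Incurable.Moved.;
A0216056.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.DownLoader.origin;Incurable.Moved.;
A0216058.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.StartPage.1505;Deleted.;
A0216059.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.DownLoader.origin;Incurable.Moved.;
"""


def parse_report(text):
    """Return one dict per detection line; blank or short lines are skipped."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if len(fields) < 4:
            continue
        name, folder, threat, action = (f.strip() for f in fields[:4])
        rows.append({
            "file": name,
            "folder": folder,
            "threat": threat,
            "action": action.rstrip("."),
            # System Restore keeps its own copies under _restore{GUID}\RPnnnn.
            "in_restore_point": "\\_restore{" in folder.lower(),
        })
    return rows


def triage(rows):
    """Summarise the points a helper reads off the log."""
    return {
        "by_threat": Counter(r["threat"] for r in rows),
        # "Moved" items were relocated rather than removed (the thread
        # treats them as quarantined), so they still exist on disk.
        "quarantined": [r["file"] for r in rows if r["action"].endswith("Moved")],
        "restore_point_copies": [r["file"] for r in rows if r["in_restore_point"]],
        # Same check the helper made by eye: any detection named Virut?
        "virut_hits": [r["file"] for r in rows if "virut" in r["threat"].lower()],
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(key, "->", value)
```
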

