Solve : Spanish warning/IE temp files virus?

Answer»

I am in need of help. I have a virus I cannot get rid of at this time. First off I can detect with Norton Corp Edition, the following is the message:

CA7HDW2U.htm]
C:\Documents and Settings\user name\Local Settings\Temporary Internet Files\Content.IE5\G32YXKAX\
Type: Downloader.

I cannot get rid of it. It is causing a Spanish warning to pop up every time it is detected, and I cannot access temp IE files through explorer, only run. Does anyone have any ideas? I am stumped. I have tried Malwarebytes, Norton, and Spybot, and only Norton detects it, but it only replicates to another folder.
 
Attached are the appropriate logs and a snapshot of the warning. Thanks beforehand.

 


[recovering disk space -- attachment deleted by admin]

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one antivirus product installed and running on your computer at a time.

The real-time protection of two antivirus programs may conflict with each other and cause the following:

1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
3) Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.

I strongly suggest you either configure only one antivirus program to enable automatic real-time scanning and leave the rest disabled, using them as on-demand scanners, or go to Start > Control Panel > Add or Remove Programs and uninstall all but one antivirus program.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- F3 - REG:win.ini: run=""
- O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
- O4 - HKLM\..\Run: [IUpd655] C:\WINDOWS\system32\mscdexntp.exe_.exe
- O18 - Filter hijack: text/html - {865c4b06-774c-4991-947c-7fd31a5e2c57} - (no file)


Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis

----------

Download OTMoveIt2 by OldTimer

  • Save it to your desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
[kill explorer]
C:\WINDOWS\system32\mscdexntp.exe_.exe
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

How is everything now?

Explorer killed successfully
C:\WINDOWS\system32\mscdexntp.exe_.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\~DF8572.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\~DF9361.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\~DFC6B6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\~DFC6C3.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09102008_094552

Thanks for the help. I need to reboot to see.
I still cannot access temp files. Then do not know about the other problem until detected. Will however take the advice on the virus protection.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights.

  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.

Here are the next log files. Still no temp files.

[recovering disk space -- attachment deleted by admin]

Quote: "Still no temp files"

What exactly do you mean by this?

There are still two antivirus programs installed!

Which one do you want to keep? McAfee SecurityCenter or Symantec AntiVirus.
I will go with Symantec. I cannot get to the temp IE files without pathing it out through the run command.

Go to Add or Remove Programs and uninstall everything related to McAfee.

Next install and run the McAfee Consumer Products Removal Tool.
http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033
Be sure the computer has been restarted after it is finished.

Now run a new HijackThis scan and post the log.

Here you go. Here is the requested file. The Spanish warning has not come up all day. Thanks.

[recovering disk space -- attachment deleted by admin]

Do you use Verizon Broadband? If not then uninstall the Verizon Broadband Toolbar.

Final steps.

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next.
  • Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

