TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA


1 edit
reply to Superman1234
Re: [Virus] Sending Spam

Not only has Kaspersky's Virus Removal Tool removed several infections, it has shown the apparent source of at least part of your infections - downloading infected files with LimeWire. As I pointed out in my previous post, even if you replace LimeWire with a clean P2P program, that only means that the program is clean, it doesn't mean that the files that you download will be, and you have infected mp3 files that were downloaded with it.

If you uninstalled LimeWire as recommended, then you should also delete the following folder, but first you will need to be sure you have hidden files and folders showing.

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

c:\documents and settings\ATL\Application Data\LimeWire

Now you need to hide the files you un-hid earlier:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading unselect "Show hidden files and folders".
Check the "Hide protected operating system files (recommended)" option.
Click Yes to confirm. Click OK.

If you uninstalled LimeWire as recommended, also do this:

Please run Notepad and paste the following text in the Quote box (between the lines) into a new file:

quote:
REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry. A window will open and quickly close.

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:


Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

quote:
File::
c:\windows\system32\BITA21.tmp
c:\windows\system32\BITA22.tmp
c:\windows\system32\BITA20.tmp
c:\windows\system32\barufutu.exe
c:\windows\system32\ratijipe.exe
c:\windows\system32\pisabupe.dll
c:\windows\system32\nopededo.dll
c:\windows\system32\limehabe.exe
c:\windows\system32\fujayagi.dll
c:\windows\system32\ligenisa.exe
c:\windows\system32\lonazaki.exe
c:\windows\system32\ludojila.exe
c:\windows\system32\malodoso.exe
c:\windows\system32\nokadeno.exe

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.

Please post a new HijackThis log, the log from ComboFix (combofix.txt), and note any errors encountered.

--
Proud ASAP member since 2005
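
Added example, not part of the original post or of ComboFix: a Python check that parses the File:: and Folder:: sections of a CFScript.txt like the one above and lists any of those paths still on disk after the cleanup run. The function names and the shortened sample script are constructed for illustration.

```python
import os
import sys

# Constructed sample: the two sections shown in the post, shortened.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\BITA21.tmp
c:\windows\system32\barufutu.exe

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
"""


def parse_cfscript(text):
    """Return {section: [paths]} for the 'Name::' sections in a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines separate sections
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("path before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def remaining(sections, exists=os.path.exists):
    """Paths from the File:: and Folder:: sections that are still on disk."""
    left = []
    for name in ("File", "Folder"):
        for path in sections.get(name, []):
            if exists(path):
                left.append((name, path))
    return left


if __name__ == "__main__":
    # Pass the path to CFScript.txt; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CFSCRIPT
    for kind, path in remaining(parse_cfscript(text)):
        print("still present: %s %s" % (kind, path))
```

An empty result means every listed file and folder is gone; anything printed is worth noting alongside the ComboFix log.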