Problem with Win32.zafi.b virus. Need help to remove it!!!

View previous topic View next topic Go down

Solved Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 12:51 am

I have this pop up for the last 3 days. I have not been able to fix using different spyware and antivirus programs.

Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:08 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Documents and Settings\Angueira\Application Data\Google\yfijv17721328.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Angueira\Desktop\hijackgpthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {836F8BBB-C620-47CC-A1ED-0620B51A8F10} - C:\WINDOWS\system32\mlJYpQhi.dll (file missing)
O2 - BHO: {2cc2} - {8872e452-b445-4048-a5b1-999900ed843e} - C:\WINDOWS\system32\jyyvni.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E468195E-3B64-4A29-9EAD-EA244C1FF765} - C:\WINDOWS\system32\yayxurQG.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] svohost.exe
O4 - HKLM\..\Run: [wclock] "C:\Documents and Settings\Angueira\Application Data\Google\yfijv17721328.exe" 2
O4 - HKLM\..\RunServices: [Microsoft Update Machine] svohost.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Angueira\Application Data\gadcom\gadcom.exe" 61A847B5BBF72810329B385572FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Microsoft Update Machine] svohost.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {136B0B2C-B45B-4CD3-983C-EE3FA0AB457F} (EonUISpace Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {72BDE761-9AAF-452F-84F7-378D7A6A6A62} (EonDownloadCenter Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: yayxurQG - yayxurQG.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12853 bytes

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Problem with Win32.zafi.b virus. Need help to remove it!! (Continuation)

Post by Ernest on 14th January 2009, 12:52 am

Continuation:

Uninstall list:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
Adobe® Photoshop® Album Starter Edition 3.0
ALPS Touch Pad Driver
Apple Software Update
Broadcom Management Programs 2
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Support Center
DellSupport
Digital Line Detect
ExamView Pro
GearDrvs
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 7
Macromedia Flash Player 8
Map Button (Windows Live Toolbar)
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Norton 360
OIN Analytics
OLYMPUS CAMEDIA Master 4.1
PowerDVD 5.5
QuickSet
QuickTime
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Smart Menus (Windows Live Toolbar)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Symantec Technical Support Web Controls
Timbuktu Pro
Trend Micro Internet Security
Trend Micro Internet Security
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebCyberCoach 3.2 Dell
Welty4e IR CD-Rom
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Service Pack 3

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 12:53 am

Hello.
Bad news.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 1:01 am

Thanks for the advice. I'll connect using another computer to continue this conversation.

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 1:04 am

I don't think I have the resources to reinstall my OS.

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 1:06 am

Okay, we will attempt to clean it, but as I said, this machine can never be trusted again.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {836F8BBB-C620-47CC-A1ED-0620B51A8F10} - C:\WINDOWS\system32\mlJYpQhi.dll (file missing)
    O2 - BHO: {2cc2} - {8872e452-b445-4048-a5b1-999900ed843e} - C:\WINDOWS\system32\jyyvni.dll (file missing)
    O2 - BHO: (no name) - {E468195E-3B64-4A29-9EAD-EA244C1FF765} - C:\WINDOWS\system32\yayxurQG.dll (file missing)
    O4 - HKLM\..\Run: [Microsoft Update Machine] svohost.exe
    O4 - HKLM\..\Run: [wclock] "C:\Documents and Settings\Angueira\Application Data\Google\yfijv17721328.exe" 2
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] svohost.exe
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Angueira\Application Data\gadcom\gadcom.exe" 61A847B5BBF72810329B385572FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [Microsoft Update Machine] svohost.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
    O15 - Trusted Zone: [You must be registered and logged in to see this link.]
    O20 - Winlogon Notify: yayxurQG - yayxurQG.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Files to delete:
C:\Documents and Settings\Angueira\Application Data\Google\yfijv17721328.exe
C:\WINDOWS\svohost.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\hddgmom.exe
C:\WINDOWS\system32\lsasa.exe
C:\WINDOWS\system32\setupex.exe
C:\WINDOWS\system32\svohost.exe
C:\WINDOWS\system32\swchost.exe
C:\Documents and Settings\Angueira\Start Menu\Programs\startup\svchost.exe

Folders to delete:
C:\Documents and Settings\Angueira\Application Data\gadcom

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Post the avenger log and DDS log.
Use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 1:27 am

The link with access to download DDS by sUBs are not working.

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 1:27 am

Can you run the avenger first? then post the report.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 1:33 am

Here is the avenger report


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSmaxt.sys
Driver disabled successfully.

Rootkit scan completed.

File "C:\Documents and Settings\Angueira\Application Data\Google\yfijv17721328.exe" deleted successfully.

Error: file "C:\WINDOWS\svohost.exe" not found!
Deletion of file "C:\WINDOWS\svohost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\svchost.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\hddgmom.exe" not found!
Deletion of file "C:\WINDOWS\system32\hddgmom.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\lsasa.exe" not found!
Deletion of file "C:\WINDOWS\system32\lsasa.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\setupex.exe" not found!
Deletion of file "C:\WINDOWS\system32\setupex.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\svohost.exe" not found!
Deletion of file "C:\WINDOWS\system32\svohost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\swchost.exe" not found!
Deletion of file "C:\WINDOWS\system32\swchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\Angueira\Start Menu\Programs\startup\svchost.exe" not found!
Deletion of file "C:\Documents and Settings\Angueira\Start Menu\Programs\startup\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Documents and Settings\Angueira\Application Data\gadcom" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 1:34 am

Hello.
DDS link should work now.
Please run DDS and post that report.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 1:38 am

Here is the DDS report


DDS (Ver_09-01-07.01) - NTFSx86
Run by Angueira at 19:35:16.04 on Tue 01/13/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.521 [GMT -6:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Angueira\Local Settings\Temporary Internet Files\Content.IE5\PT4K4XIM\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mSearch Page =
uInternet Settings,ProxyOverride = 127.0.0.1
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: []
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {E468195E-3B64-4A29-9EAD-EA244C1FF765} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJYpQhi

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 1:38 am

============= SERVICES / DRIVERS ===============

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-15 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-11-17 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-11-17 648456]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-11-17 52240]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
S1 APPDRVV;APPDRVV;c:\windows\system32\drivers\appdrvv.sys --> c:\windows\system32\drivers\APPDRVV.sys [?]

=============== Created Last 30 ================

2009-01-13 19:20 904,192 a------- c:\windows\system32\rn.tmp
2009-01-11 15:41 2,204 a------- c:\windows\system32\TDSSlbqp.dll
2009-01-11 15:41 31,232 a------- c:\windows\system32\TDSSosvn.dll
2009-01-11 15:41 29,696 a------- c:\windows\system32\TDSSoeqh.dll
2009-01-11 15:41 441 a------- c:\windows\system32\TDSSmqxt.dat
2009-01-11 15:08 2,204 a------- c:\windows\system32\TDSSfxwp.dll
2009-01-11 15:08 61,440 -------- c:\windows\system32\TDSScfum.dll
2009-01-11 15:08 441 a------- c:\windows\system32\TDSSosvd.dat
2009-01-11 15:08 31,232 -------- c:\windows\system32\TDSSriqp.dll
2009-01-11 15:08 29,696 -------- c:\windows\system32\TDSSnrsr.dll
2009-01-11 15:05 35,840 a------- c:\windows\system32\TDSSofxh.dll
2009-01-11 15:05 60,416 a------- c:\windows\system32\drivers\TDSSmaxt.sys
2008-12-25 13:21 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-25 13:21 1,409 a------- c:\windows\QTFont.for
2008-12-23 09:32 --d----- c:\windows\system32\scripting
2008-12-23 09:32 --d----- c:\windows\l2schemas
2008-12-23 09:32 --d----- c:\windows\system32\en
2008-12-23 09:32 --d----- c:\windows\system32\bits
2008-12-23 09:25 --d----- c:\windows\ServicePackFiles
2008-12-23 09:14 --d----- c:\windows\EHome
2008-12-22 22:43 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-12-22 22:40 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-12-22 22:39 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-22 22:39 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-22 22:39 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-22 22:39 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-22 22:36 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-12-22 21:48 --d----- c:\program files\Lavasoft
2008-12-22 21:45 --d----- c:\program files\common files\Wise Installation Wizard
2008-12-21 21:22 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-21 21:17 5,749 a------- c:\windows\system32\cwkpqcdi.dll
2008-12-21 21:08 5,751 a------- c:\windows\system32\vphuwxrh.dll
2008-12-21 19:23 5,749 a------- c:\windows\system32\xcaolrst.dll
2008-12-20 20:47 5,751 a------- c:\windows\system32\tunqrgdf.dll
2008-12-20 20:41 5,749 a------- c:\windows\system32\cxdanxqm.dll
2008-12-20 09:03 5,751 a------- c:\windows\system32\tndvfkbr.dll
2008-12-20 08:57 5,749 a------- c:\windows\system32\iueelwpt.dll
2008-12-18 19:20 5,753 a------- c:\windows\system32\btlncrwx.dll
2008-12-18 10:17 5,753 a------- c:\windows\system32\mtyvsuos.dll
2008-12-18 10:14 5,749 a------- c:\windows\system32\dywpjpyv.dll
2008-12-17 05:36 5,749 a------- c:\windows\system32\xsifhwfl.dll
2008-12-17 05:30 5,753 a------- c:\windows\system32\xgtxrpxl.dll
2008-12-16 05:33 5,749 a------- c:\windows\system32\gpwotoyg.dll
2008-12-16 05:30 5,753 a------- c:\windows\system32\whyyslyr.dll
2008-12-15 05:26 5,753 a------- c:\windows\system32\knsrkkqb.dll
2008-12-14 20:36 5,749 a------- c:\windows\system32\ihnmrpai.dll
2008-12-14 20:32 5,753 a------- c:\windows\system32\liexursg.dll

==================== Find3M ====================

2009-01-11 18:37 16,384 a------- c:\windows\DCEBoot.exe
2008-12-30 15:50 147,456 a------- c:\windows\system32\vbzip10.dll
2008-12-22 14:49 937,879 a--sh--- c:\windows\system32\ihQpYJlm.ini2
2008-12-13 20:33 5,749 a------- c:\windows\system32\cvcxomuh.dll
2008-12-13 20:30 5,753 a------- c:\windows\system32\spdmrlic.dll
2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 20:32 5,753 a------- c:\windows\system32\gpjkfcae.dll
2008-12-12 20:29 5,749 a------- c:\windows\system32\geraudrm.dll
2008-12-11 20:36 5,753 a------- c:\windows\system32\xfekkvur.dll
2008-12-11 20:33 5,749 a------- c:\windows\system32\wujxpkpo.dll
2008-12-10 20:27 5,753 a------- c:\windows\system32\nyetmhhq.dll
2008-12-10 20:27 5,749 a------- c:\windows\system32\nxewmxdr.dll
2008-12-08 20:00 5,753 a------- c:\windows\system32\wjagqdfg.dll
2008-12-08 19:57 5,749 a------- c:\windows\system32\nxsyhryp.dll
2008-12-07 19:56 5,753 a------- c:\windows\system32\poftiiuj.dll
2008-12-07 19:56 5,749 a------- c:\windows\system32\nfusqbkl.dll
2008-12-06 23:33 5,749 a------- c:\windows\system32\gvaonjlf.dll
2008-12-05 23:35 5,753 a------- c:\windows\system32\kmlkduvt.dll
2008-12-05 23:32 5,749 a------- c:\windows\system32\igaqymfl.dll
2008-12-04 20:54 5,753 a------- c:\windows\system32\jgehmset.dll
2008-12-04 20:53 5,749 a------- c:\windows\system32\gpgykrol.dll
2008-12-03 21:09 5,753 a------- c:\windows\system32\aymagmyj.dll
2008-12-03 21:06 5,749 a------- c:\windows\system32\svbfknrg.dll
2008-12-02 21:07 5,749 a------- c:\windows\system32\tbrbqery.dll
2008-12-02 21:04 5,753 a------- c:\windows\system32\txwtuchv.dll
2008-12-02 21:03 5,753 a------- c:\windows\system32\dtkwcnap.dll
2008-12-01 06:22 5,753 a------- c:\windows\system32\qlxpxjaa.dll
2008-11-29 23:42 5,749 a------- c:\windows\system32\ebhanrof.dll
2008-11-29 23:40 5,753 a------- c:\windows\system32\atgladco.dll
2008-11-28 23:41 5,749 a------- c:\windows\system32\gjgswkmn.dll
2008-11-28 23:38 5,753 a------- c:\windows\system32\xbcibqbj.dll
2008-11-27 23:39 5,749 a------- c:\windows\system32\twuwusft.dll
2008-11-27 23:37 5,753 a------- c:\windows\system32\lrqmcflr.dll
2008-11-27 23:35 5,749 a------- c:\windows\system32\smwvjkrv.dll
2008-11-26 22:53 5,749 a------- c:\windows\system32\rjdncuhi.dll
2008-11-26 22:53 5,753 a------- c:\windows\system32\rpipkqlk.dll
2008-11-25 22:56 5,753 a------- c:\windows\system32\uajtntjs.dll
2008-11-25 22:44 5,749 a------- c:\windows\system32\mmhfcgkw.dll
2008-11-25 21:53 5,703 a------- c:\windows\system32\geBrsRHW.dll
2008-11-25 21:53 41,723 ---sh--- c:\program files\common files\Yazzle1396OinUninstaller.exe
2008-11-24 17:44 5,753 a------- c:\windows\system32\gqcgttvy.dll
2008-11-24 17:38 5,749 a------- c:\windows\system32\euewvcwb.dll
2008-11-24 17:37 5,753 a------- c:\windows\system32\bumdxfpl.dll
2008-11-23 08:41 5,753 a------- c:\windows\system32\ybdfhxvt.dll
2008-11-23 08:39 5,749 a------- c:\windows\system32\mphdhxej.dll
2008-11-22 14:54 359 a------- c:\documents and settings\angueira\de.bat
2008-11-22 14:54 128 a------- c:\documents and settings\angueira\sn.exe
2008-11-22 14:54 128 a------- c:\documents and settings\angueira\sn3.exe
2008-11-22 14:54 128 a------- c:\documents and settings\angueira\sn2.exe
2008-11-22 14:54 128 a------- c:\documents and settings\angueira\sn1.exe
2008-11-22 07:58 5,753 a------- c:\windows\system32\fpwcfisa.dll
2008-11-22 07:55 5,749 a------- c:\windows\system32\mrhtwnvw.dll
2008-11-21 06:06 5,753 a------- c:\windows\system32\krmjqlak.dll
2008-11-21 06:01 5,749 a------- c:\windows\system32\qqfpcfrs.dll
2008-11-20 06:02 5,749 a------- c:\windows\system32\jnotihmr.dll
2008-11-20 05:59 5,753 a------- c:\windows\system32\lvaxsaxf.dll
2008-11-19 16:45 5,753 a------- c:\windows\system32\sqnsdhkm.dll
2008-11-18 05:59 5,753 a------- c:\windows\system32\tsalayer.dll
2008-11-18 05:57 5,749 a------- c:\windows\system32\sjhnrxly.dll
2008-11-17 23:18 432,239 a------- c:\windows\fonts\'\share\Roboform Pro 6.9.91 Full.zip
2008-11-17 23:18 432,239 a------- c:\windows\fonts\'\share\Rapidshare Hacker 3.7.zip
2008-11-17 21:36 432,237 a------- c:\windows\fonts\'\share\Backup 2009 Pro 6.2.257.zip
2008-11-17 20:38 432,242 a------- c:\windows\fonts\'\share\Mobile Phone Unlocking 2007.zip
2008-11-17 20:38 432,229 a------- c:\windows\fonts\'\share\Visual Basic 2008.zip
2008-11-17 20:38 432,239 a------- c:\windows\fonts\'\share\Google Earth 4.2.zip
2008-11-17 20:38 432,236 a------- c:\windows\fonts\'\share\Windows XP USB.zip
2008-11-17 20:38 432,230 a------- c:\windows\fonts\'\share\Windows Vista Activator 2007.zip
2008-11-17 20:38 432,244 a------- c:\windows\fonts\'\share\Windows Genuine.zip
2008-11-17 20:38 432,242 a------- c:\windows\fonts\'\share\Visual Studio 2008 Express.zip
2008-11-17 20:38 432,239 a------- c:\windows\fonts\'\share\Steganos Security Suite 2007.zip
2008-11-17 20:38 432,239 a------- c:\windows\fonts\'\share\Apple Safari 3.2.zip
2008-11-17 20:38 432,237 a------- c:\windows\fonts\'\share\Kaspersky Internet Security & Antivirus 2009.zip
2008-11-17 17:57 432,245 a------- c:\windows\fonts\'\share\Power Suite 2008 Professional Wincare v2.0.4 (Portable).zip
2008-11-17 17:05 432,242 a------- c:\windows\fonts\'\share\SPSS Statistics v17.0.zip
2008-11-17 17:04 432,246 a------- c:\windows\fonts\'\share\WinXP Manager 5.2.4.zip
2008-11-17 05:57 432,240 a------- c:\windows\fonts\'\share\Fake Voice 1.8.15.02 Pro.zip
2008-11-17 05:56 432,237 a------- c:\windows\fonts\'\share\FormatFactory 1.48.zip
2008-11-16 22:01 432,236 a------- c:\windows\fonts\'\share\Kaspersky Antivirus 7.0.0.120 (Portable).zip
2008-11-16 21:09 432,243 a------- c:\windows\fonts\'\share\IK Multimedia Amplitube VST RTAS 2.1.2b.zip
2008-11-16 21:09 432,239 a------- c:\windows\fonts\'\share\Roxio Creator 2009 Ultimate.zip
2008-11-16 21:09 432,239 a------- c:\windows\fonts\'\share\Nik Software Dfine v2.1.0.2.zip
2008-11-16 21:09 432,243 a------- c:\windows\fonts\'\share\CyberLink PowerDVD 8.0.1830.0.zip
2008-11-16 21:09 432,236 a------- c:\windows\fonts\'\share\Kaspersky Internet Security 2009 - 8.0.0.454.zip
2008-11-16 20:31 432,243 a------- c:\windows\fonts\'\share\Adobe Atmosphere 1.0.zip
2008-11-16 19:40 432,242 a------- c:\windows\fonts\'\share\XP Smoker 5.4.zip
2008-11-16 18:49 432,238 a------- c:\windows\fonts\'\share\Complex Evolution 4.0.7.zip
2008-11-16 17:58 432,234 a------- c:\windows\fonts\'\share\Amazing Photo Editor 6.9.zip
2008-11-16 17:07 432,238 a------- c:\windows\fonts\'\share\Thinstall Virtualization Suite v3.332.zip
2008-11-16 16:15 432,240 a------- c:\windows\fonts\'\share\O&O Defrag Professional 10.0.zip
2008-11-16 15:25 432,241 a------- c:\windows\fonts\'\share\Adobe Lightroom 1.3.zip
2008-11-16 15:24 432,238 a------- c:\windows\fonts\'\share\Micrsoft Office Professional 2007.zip
2008-11-16 14:34 432,244 a------- c:\windows\fonts\'\share\Microsoft Paint - Vista Edition.zip
2008-11-16 12:49 432,241 a------- c:\windows\fonts\'\share\PowerArchiver 2009 v11.02.zip
2008-11-16 12:49 432,237 a------- c:\windows\fonts\'\share\Ulead MediaStudio Pro 8.zip
2008-11-16 12:49 432,243 a------- c:\windows\fonts\'\share\Ulead Photoimpact X3 Addons.zip
2008-11-16 12:49 432,241 a------- c:\windows\fonts\'\share\KC Softwares AudioGrail v6.13.3.159.zip
2008-11-16 12:49 432,236 a------- c:\windows\fonts\'\share\SecurStar DriveCrypt v5.0.53.zip
2008-11-16 12:49 432,233 a------- c:\windows\fonts\'\share\devilwarezbb.zip
2008-11-16 12:49 432,228 a------- c:\windows\fonts\'\share\Panda Global Protection 2009 2.00.00.zip
2008-11-16 12:49:06 A------- 432,244 c:\windows\fonts\'\share\MAGIX Movie Edit Pro 14 PLUS 7.5.2.12.zip

============= FINISH: 19:36:44.57 ===============

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 1:43 am

Hello.
There is so much vundo on this machine, but we'll get it soon, once we remove the nasty stuff.
Were gonna use the avenger again.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Files to delete:
c:\windows\system32\drivers\appdrvv.sys
c:\windows\system32\rn.tmp
c:\windows\system32\TDSSlbqp.dll
c:\windows\system32\TDSSosvn.dll
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSmqxt.dat
c:\windows\system32\TDSSfxwp.dll
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\drivers\TDSSmaxt.sys

Folders to delete:
c:\windows\fonts\'

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 1:52 am

Here is the new report

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\drivers\appdrvv.sys" not found!
Deletion of file "c:\windows\system32\drivers\appdrvv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\rn.tmp" deleted successfully.
File "c:\windows\system32\TDSSlbqp.dll" deleted successfully.
File "c:\windows\system32\TDSSosvn.dll" deleted successfully.
File "c:\windows\system32\TDSSoeqh.dll" deleted successfully.
File "c:\windows\system32\TDSSmqxt.dat" deleted successfully.
File "c:\windows\system32\TDSSfxwp.dll" deleted successfully.
File "c:\windows\system32\TDSScfum.dll" deleted successfully.
File "c:\windows\system32\TDSSosvd.dat" deleted successfully.
File "c:\windows\system32\TDSSriqp.dll" deleted successfully.
File "c:\windows\system32\TDSSnrsr.dll" deleted successfully.
File "c:\windows\system32\TDSSofxh.dll" deleted successfully.
File "c:\windows\system32\drivers\TDSSmaxt.sys" deleted successfully.
Folder "c:\windows\fonts\'" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 1:53 am

Looking better, now lets take care of that vundo.
One last round with the avenger should do it.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to delete:
TDSSserv.sys

Files to delete:
c:\windows\system32\cwkpqcdi.dll
c:\windows\system32\vphuwxrh.dll
c:\windows\system32\xcaolrst.dll
c:\windows\system32\tunqrgdf.dll
c:\windows\system32\cxdanxqm.dll
c:\windows\system32\tndvfkbr.dll
c:\windows\system32\iueelwpt.dll
c:\windows\system32\btlncrwx.dll
c:\windows\system32\mtyvsuos.dll
c:\windows\system32\dywpjpyv.dll
c:\windows\system32\xsifhwfl.dll
c:\windows\system32\xgtxrpxl.dll
c:\windows\system32\gpwotoyg.dll
c:\windows\system32\whyyslyr.dll
c:\windows\system32\knsrkkqb.dll
c:\windows\system32\ihnmrpai.dll
c:\windows\system32\liexursg.dll
c:\windows\system32\ihQpYJlm.ini2
c:\windows\system32\cvcxomuh.dll
c:\windows\system32\spdmrlic.dll
c:\windows\system32\gpjkfcae.dll
c:\windows\system32\geraudrm.dll
c:\windows\system32\xfekkvur.dll
c:\windows\system32\wujxpkpo.dll
c:\windows\system32\nyetmhhq.dll
c:\windows\system32\nxewmxdr.dll
c:\windows\system32\wjagqdfg.dll
c:\windows\system32\nxsyhryp.dll
c:\windows\system32\poftiiuj.dll
c:\windows\system32\nfusqbkl.dll
c:\windows\system32\gvaonjlf.dll
c:\windows\system32\kmlkduvt.dll
c:\windows\system32\igaqymfl.dll
c:\windows\system32\jgehmset.dll
c:\windows\system32\gpgykrol.dll
c:\windows\system32\aymagmyj.dll
c:\windows\system32\svbfknrg.dll
c:\windows\system32\tbrbqery.dll
c:\windows\system32\txwtuchv.dll
c:\windows\system32\dtkwcnap.dll
c:\windows\system32\qlxpxjaa.dll
c:\windows\system32\ebhanrof.dll
c:\windows\system32\atgladco.dll
c:\windows\system32\gjgswkmn.dll
c:\windows\system32\xbcibqbj.dll
c:\windows\system32\twuwusft.dll
c:\windows\system32\lrqmcflr.dll
c:\windows\system32\smwvjkrv.dll
c:\windows\system32\rjdncuhi.dll
c:\windows\system32\rpipkqlk.dll
c:\windows\system32\uajtntjs.dll
c:\windows\system32\mmhfcgkw.dll
c:\windows\system32\geBrsRHW.dll
c:\program files\common files\Yazzle1396OinUninstaller.exe
c:\windows\system32\gqcgttvy.dll
c:\windows\system32\euewvcwb.dll
c:\windows\system32\bumdxfpl.dll
c:\windows\system32\ybdfhxvt.dll
c:\windows\system32\mphdhxej.dll
c:\documents and settings\angueira\de.bat
c:\documents and settings\angueira\sn.exe
c:\documents and settings\angueira\sn3.exe
c:\documents and settings\angueira\sn2.exe
c:\documents and settings\angueira\sn1.exe
c:\windows\system32\fpwcfisa.dll
c:\windows\system32\mrhtwnvw.dll
c:\windows\system32\krmjqlak.dll
c:\windows\system32\qqfpcfrs.dll
c:\windows\system32\jnotihmr.dll
c:\windows\system32\lvaxsaxf.dll
c:\windows\system32\sqnsdhkm.dll
c:\windows\system32\tsalayer.dll
c:\windows\system32\sjhnrxly.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 2:02 am

Getting the following error: Can't open file 'C:\zip.exe: the process cannot access the file because it is being used by anotyher process

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 2:03 am

So the avenger will not run this time?
Delete your copy of the avenger and re-download it from the links, and try again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 2:08 am

Not working. Will try one more time

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 2:13 am

Standing by.
If it doesn't work, we have more tools we can use.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 2:22 am

Finally,
Here it is
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 19:58:34 2009

19:58:32: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
19:58:34: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 19:58:56 2009

19:58:55: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
19:58:56: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 19:59:19 2009

19:59:18: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
19:59:19: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 20:01:33 2009

20:01:31: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
20:01:33: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 20:03:03 2009

20:03:01: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
20:03:03: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 20:04:03 2009

20:04:00: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
20:04:03: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 20:05:43 2009

20:05:39: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
20:05:41: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 20:06:56 2009

20:06:55: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
20:06:56: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 20:07:49 2009

20:07:49: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
20:07:49: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Jan 13 20:09:49 2009

20:09:48: Error: can't open file 'C:\zip.exe' (error 32: the process cannot access the file because it is being used by another process.)
20:09:49: Error: Could not open zip file.
Aborting execution! (error 6: the handle is invalid.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "TDSSserv.sys" deleted successfully.
File "c:\windows\system32\cwkpqcdi.dll" deleted successfully.
File "c:\windows\system32\vphuwxrh.dll" deleted successfully.
File "c:\windows\system32\xcaolrst.dll" deleted successfully.
File "c:\windows\system32\tunqrgdf.dll" deleted successfully.
File "c:\windows\system32\cxdanxqm.dll" deleted successfully.
File "c:\windows\system32\tndvfkbr.dll" deleted successfully.
File "c:\windows\system32\iueelwpt.dll" deleted successfully.
File "c:\windows\system32\btlncrwx.dll" deleted successfully.
File "c:\windows\system32\mtyvsuos.dll" deleted successfully.
File "c:\windows\system32\dywpjpyv.dll" deleted successfully.
File "c:\windows\system32\xsifhwfl.dll" deleted successfully.
File "c:\windows\system32\xgtxrpxl.dll" deleted successfully.
File "c:\windows\system32\gpwotoyg.dll" deleted successfully.
File "c:\windows\system32\whyyslyr.dll" deleted successfully.
File "c:\windows\system32\knsrkkqb.dll" deleted successfully.
File "c:\windows\system32\ihnmrpai.dll" deleted successfully.
File "c:\windows\system32\liexursg.dll" deleted successfully.
File "c:\windows\system32\ihQpYJlm.ini2" deleted successfully.
File "c:\windows\system32\cvcxomuh.dll" deleted successfully.
File "c:\windows\system32\spdmrlic.dll" deleted successfully.
File "c:\windows\system32\gpjkfcae.dll" deleted successfully.
File "c:\windows\system32\geraudrm.dll" deleted successfully.
File "c:\windows\system32\xfekkvur.dll" deleted successfully.
File "c:\windows\system32\wujxpkpo.dll" deleted successfully.
File "c:\windows\system32\nyetmhhq.dll" deleted successfully.
File "c:\windows\system32\nxewmxdr.dll" deleted successfully.
File "c:\windows\system32\wjagqdfg.dll" deleted successfully.
File "c:\windows\system32\nxsyhryp.dll" deleted successfully.
File "c:\windows\system32\poftiiuj.dll" deleted successfully.
File "c:\windows\system32\nfusqbkl.dll" deleted successfully.
File "c:\windows\system32\gvaonjlf.dll" deleted successfully.
File "c:\windows\system32\kmlkduvt.dll" deleted successfully.
File "c:\windows\system32\igaqymfl.dll" deleted successfully.
File "c:\windows\system32\jgehmset.dll" deleted successfully.
File "c:\windows\system32\gpgykrol.dll" deleted successfully.
File "c:\windows\system32\aymagmyj.dll" deleted successfully.
File "c:\windows\system32\svbfknrg.dll" deleted successfully.
File "c:\windows\system32\tbrbqery.dll" deleted successfully.
File "c:\windows\system32\txwtuchv.dll" deleted successfully.
File "c:\windows\system32\dtkwcnap.dll" deleted successfully.
File "c:\windows\system32\qlxpxjaa.dll" deleted successfully.
File "c:\windows\system32\ebhanrof.dll" deleted successfully.
File "c:\windows\system32\atgladco.dll" deleted successfully.
File "c:\windows\system32\gjgswkmn.dll" deleted successfully.
File "c:\windows\system32\xbcibqbj.dll" deleted successfully.
File "c:\windows\system32\twuwusft.dll" deleted successfully.
File "c:\windows\system32\lrqmcflr.dll" deleted successfully.
File "c:\windows\system32\smwvjkrv.dll" deleted successfully.
File "c:\windows\system32\rjdncuhi.dll" deleted successfully.
File "c:\windows\system32\rpipkqlk.dll" deleted successfully.
File "c:\windows\system32\uajtntjs.dll" deleted successfully.
File "c:\windows\system32\mmhfcgkw.dll" deleted successfully.
File "c:\windows\system32\geBrsRHW.dll" deleted successfully.
File "c:\program files\common files\Yazzle1396OinUninstaller.exe" deleted successfully.
File "c:\windows\system32\gqcgttvy.dll" deleted successfully.
File "c:\windows\system32\euewvcwb.dll" deleted successfully.
File "c:\windows\system32\bumdxfpl.dll" deleted successfully.
File "c:\windows\system32\ybdfhxvt.dll" deleted successfully.
File "c:\windows\system32\mphdhxej.dll" deleted successfully.
File "c:\documents and settings\angueira\de.bat" deleted successfully.
File "c:\documents and settings\angueira\sn.exe" deleted successfully.
File "c:\documents and settings\angueira\sn3.exe" deleted successfully.
File "c:\documents and settings\angueira\sn2.exe" deleted successfully.
File "c:\documents and settings\angueira\sn1.exe" deleted successfully.
File "c:\windows\system32\fpwcfisa.dll" deleted successfully.
File "c:\windows\system32\mrhtwnvw.dll" deleted successfully.
File "c:\windows\system32\krmjqlak.dll" deleted successfully.
File "c:\windows\system32\qqfpcfrs.dll" deleted successfully.
File "c:\windows\system32\jnotihmr.dll" deleted successfully.
File "c:\windows\system32\lvaxsaxf.dll" deleted successfully.
File "c:\windows\system32\sqnsdhkm.dll" deleted successfully.
File "c:\windows\system32\tsalayer.dll" deleted successfully.
File "c:\windows\system32\sjhnrxly.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 2:24 am

Hello.
Please run a new DDS scan and lets make sure we got it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 2:31 am

DDS report

DDS (Ver_09-01-07.01) - NTFSx86
Run by Angueira at 20:27:19.23 on Tue 01/13/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.516 [GMT -6:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\zip.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Angueira\Local Settings\Temporary Internet Files\Content.IE5\PT4K4XIM\dds[1].com
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mSearch Page =
uInternet Settings,ProxyOverride = 127.0.0.1
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: []
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {E468195E-3B64-4A29-9EAD-EA244C1FF765} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJYpQhi

============= SERVICES / DRIVERS ===============

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-15 333328]
R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-11-17 52240]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
S1 APPDRVV;APPDRVV;c:\windows\system32\drivers\appdrvv.sys --> c:\windows\system32\drivers\APPDRVV.sys [?]

=============== Created Last 30 ================

2009-01-13 20:15 19,286 a------- C:\cleanup.exe
2009-01-13 20:15 574 a------- C:\cleanup.bat
2009-01-13 20:15 263 a------- C:\avexport.bat
2009-01-13 19:47 135,168 a------- C:\zip.exe
2008-12-25 13:21 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-25 13:21 1,409 a------- c:\windows\QTFont.for
2008-12-23 09:32 --d----- c:\windows\system32\scripting
2008-12-23 09:32 --d----- c:\windows\l2schemas
2008-12-23 09:32 --d----- c:\windows\system32\en
2008-12-23 09:32 --d----- c:\windows\system32\bits
2008-12-23 09:25 --d----- c:\windows\ServicePackFiles
2008-12-23 09:14 --d----- c:\windows\EHome
2008-12-22 22:43 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-12-22 22:40 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-12-22 22:39 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-22 22:39 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-22 22:39 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-22 22:39 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-22 22:36 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-12-22 21:48 --d----- c:\program files\Lavasoft
2008-12-22 21:45 --d----- c:\program files\common files\Wise Installation Wizard
2008-12-21 21:22 23,576 a------- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2009-01-11 18:37 16,384 a------- c:\windows\DCEBoot.exe
2008-12-30 15:50 147,456 a------- c:\windows\system32\vbzip10.dll
2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-26 17:42 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2008-11-26 17:42 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2008-11-26 17:39 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 07:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-08-27 21:16 516 a------- c:\program files\Settings.ini
2008-08-10 21:10 2,688 a------- c:\documents and settings\angueira\services.exe

============= FINISH: 20:29:54.45 ===============

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 2:32 am

Not sure how to attach the attach.txt file

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 2:35 am

Hello.
Don't worry, don't need attach.
Just do this, and we'll call it a day, once these have been nuked, all the rest of the log looks clean to me.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :processes
    explorer.exe

    :services
    APPDRVV

    :files
    C:\cleanup.exe
    C:\cleanup.bat
    C:\avexport.bat
    C:\zip.exe
    c:\program files\Settings.ini
    c:\documents and settings\angueira\services.exe
    C:\Documents and Settings\Angueira\Application Data\Google\*.*

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):"msv1_0"

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

What problems remain now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 2:42 am

OTMoveIt3 stop responding after I click on Move it and they starting showing up on Results side

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 2:43 am

No problem.
The log is saved anyway.
Navigate to this folder in bold:
C:\_OTMoveIt

There's a .log file in there, the file name for the log is todays date.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 2:54 am

I can't find a .log file in the _OTMoveIt folder.
Thanks

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 14th January 2009, 2:57 am

The folder "01132009_203839" is there but not a .log file

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 14th January 2009, 1:52 pm

Ah, doesn't matter then, it still did the moving part of the job.
What problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 15th January 2009, 3:32 am

I just start the computer and the pop up is not there. I'll follow your other advices and trying to find the OS resources.

Thanks

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 15th January 2009, 4:23 pm

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 16th January 2009, 1:16 am

Here is the log.

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jan 15 19:09:42 2009

Found and removed: C:\Program Files\Java\j2re1.4.2_03

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jan 15 19:15:14 2009

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 16th January 2009, 4:44 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Ernest on 17th January 2009, 4:07 am

Thanks for all the help. I'm working on installing the different spyware programs.
I was wondering if another computer that I have connected to the same network may be infected too.

Ernest
Novice
Novice

Posts Posts : 20
Joined Joined : 2009-01-14
OS OS : Windows XP
Points Points : 28860
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Belahzur on 17th January 2009, 11:37 am

No, I don't think so.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Doctor Inferno on 18th April 2009, 10:55 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104630
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Problem with Win32.zafi.b virus. Need help to remove it!!!

Post by Doctor Inferno on 18th April 2009, 10:55 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104630
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum