win32.zafi.b <sigh>

View previous topic View next topic Go down

Solved Re: win32.zafi.b <sigh>

Post by Belahzur on Thu Jan 22, 2009 1:19 am

Three files left to kill.
Were gonna use OTMoveIt again, so if you don't have the exe for it anymore, go back to the first page and re-download it.

  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :services
    Viewpoint Manager Service

    :files
    c:\windows\system32\TDSSfxmp.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\drivers\svchost.exe

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by dandelion9493 on Thu Jan 22, 2009 1:25 am

OTMoveIt3 Results:

========== SERVICES/DRIVERS ==========
Service Viewpoint Manager Service stopped successfully.
Service Viewpoint Manager Service deleted successfully.
========== FILES ==========
LoadLibrary failed for c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSfxmp.dll NOT unregistered.
c:\windows\system32\TDSSfxmp.dll moved successfully.
c:\windows\system32\TDSSosvd.dat moved successfully.
c:\windows\system32\drivers\svchost.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_330.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdtup8mr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdtup8mr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdtup8mr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdtup8mr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdtup8mr.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01212009_202139


(I'll be rebooting now.)

dandelion9493
Novice
Novice

Status :
Online
Offline

Posts : 27
Joined : 2009-01-20
OS : MS Windows XP Professional

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by Belahzur on Thu Jan 22, 2009 1:26 am

Hello.
Please delete this folder in bold:
C:\_OTMoveIt

What problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by dandelion9493 on Thu Jan 22, 2009 1:40 am

I couldn't find anything bold from which to delete C:\_OTMoveIt, so I just deleted the folder "_OTMoveIt" from my C: drive...

(yeah, I'm a grammar nazi; I'm gonna miss all the Bushisms)

dandelion9493
Novice
Novice

Status :
Online
Offline

Posts : 27
Joined : 2009-01-20
OS : MS Windows XP Professional

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by Belahzur on Thu Jan 22, 2009 1:42 am

LMBO or ROFL
Think you read my post backwards, I bolded the folder here on my forum as a way of pointing it out, but the folder itself won't be bolded on your C drive.

How is the machine now? running smoother?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by dandelion9493 on Thu Jan 22, 2009 1:54 am

No, I didn't misread your post; I knew exactly what you meant. It was just worded awkwardly - "Please delete this folder I have shown in bold:" Like I said, I'm a grammar nazi. But please forgive my poor attempt at humor - you are doing a wonderful job.

As far as I can tell, the computer's been running just fine. My daughter has spent a good deal of time on it since last night, and she has no complaints about it's performance (well, any unusual complaints, since it is a 4 year old PC).

Fixed your tag.
-Belahzur

dandelion9493
Novice
Novice

Status :
Online
Offline

Posts : 27
Joined : 2009-01-20
OS : MS Windows XP Professional

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by dandelion9493 on Thu Jan 22, 2009 1:54 am

Crap. That didn't turn out right. Probably misspelled strong on the tag.

dandelion9493
Novice
Novice

Status :
Online
Offline

Posts : 27
Joined : 2009-01-20
OS : MS Windows XP Professional

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by Belahzur on Thu Jan 22, 2009 2:22 pm

Glad to hear it. Wink
Ask her to read this post and to be careful of any emails she opens in the future, no emails these days can be trusted, it's too easy to fake email addresses.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by dandelion9493 on Fri Jan 23, 2009 3:36 am

Hello. Thanks for the tips. But I do have a question: The free stuff (Ad-Aware, Spybot S&D, etc.) - do you mean for me to use those in addition to the Trend Micro PC-cillin Internet Security (av, anti-spyware, anti-phishing, parental controls, firewall) that I'm currently using?

[On a side note, my TM subscriptions will be expiring in about a month. A few days ago a much more knowledgeable coworker suggested that I switch to McAfee which he feels is better; Amazon had a lightning deal today on McAfee Total Internet Protection 2009 3-user for $20 - couldn't pass that up, so I'll be switching to McAfee shortly.]

I do have Windows Automatic Updates turned on (and all critical patches were applied automatically), also have automatic updates on the TM, and a daily C:\ drive scan scheduled. TM was up-to-date on the computer with the problem - until the nasty-ware turned off _all_ auto updates. I like to think that I have a pretty good track record as far as viruses / spyware / nasty stuff is concerned: I've had at least one pc in the house (currently have 4) for over 10 years, and this is the first problem of this type.

Again, thanks for the help. I'll definitely keep this site in mind - and not just for help with nasty stuff, but also as a resource for programming questions/problems.

dandelion9493
Novice
Novice

Status :
Online
Offline

Posts : 27
Joined : 2009-01-20
OS : MS Windows XP Professional

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by Belahzur on Fri Jan 23, 2009 5:01 pm

Hello.
No, don't use all of them, they will slow your machine down.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: win32.zafi.b <sigh>

Post by Doctor Inferno on Sat May 02, 2009 6:45 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Status :
Online
Offline

Posts : 12017
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum