Re: Help please with VX2, IGETNET, ugroup and popups
From: Mctabish (mc_at_)
Date: 12/15/04
- Next message: garryhatter_at_telus.net: "Re: AMD 64 restart Problem after SP2"
- Previous message: Carey Frisch [MVP]: "Re: What's going on?"
- In reply to: David H. Lipman: "Re: Help please with VX2, IGETNET, ugroup and popups"
- Next in thread: rjdriver: "Re: Help please with VX2, IGETNET, ugroup and popups"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 15 Dec 2004 16:20:32 GMT
Downloaded Trend (already had Ad-Aware 1.05).
Trend could not open all files (access denied); it did not find anything in
the files it opened.
Log attached below.
Ad-Aware still found critical, but could not remove one of the
files - C:\WINDOWS\system32\ennql1551.dll (one that Trend could not access).
I DID do this in SAFE MODE.
What else can I do?
Thanks
Mc
Log file for Trend
/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/
2004-12-14, 19:00:04, Auto-clean mode specified.
2004-12-14, 19:00:04, Running scanner "C:\virus\TSC.BIN"...
2004-12-14, 19:02:40, Scanner "C:\virus\TSC.BIN" has finished running.
2004-12-14, 19:02:40, TSC Log:
2004-12-14, 19:54:10, An error occurred while scanning file "C:\Documents
and Settings\Bruce.LAPPIE\NTUSER.DAT": Access is denied.
2004-12-14, 19:54:10, An error occurred while scanning file "C:\Documents
and Settings\Bruce.LAPPIE\ntuser.dat.LOG": Access is denied.
2004-12-14, 20:35:03, An error occurred while scanning file "C:\Documents
and Settings\Bruce.LAPPIE\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2004-12-14, 20:35:03, An error occurred while scanning file "C:\Documents
and Settings\Bruce.LAPPIE\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2004-12-14, 20:51:37, An error occurred while scanning file "C:\Documents
and Settings\NetworkService\NTUSER.DAT": Access is denied.
2004-12-14, 20:51:37, An error occurred while scanning file "C:\Documents
and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2004-12-14, 20:51:37, An error occurred while scanning file "C:\Documents
and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2004-12-14, 20:51:37, An error occurred while scanning file "C:\Documents
and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\CNMSM56.EXE-04173B48.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\DW.EXE-227292CF.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\EXCEL.EXE-2C971FD7.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\HPGS2WNF.EXE-0E86C34B.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\IEDW.EXE-1880380E.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\KILLBOX.EXE-191EF7AF.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCAGENT.EXE-168D195B.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCAPPINS.EXE-08FD5359.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCDASH.EXE-26506D96.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCINFO.EXE-35A0A279.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCMNHDLR.EXE-25682BF9.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCSHIELD.EXE-15F93AD5.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCUPDATE.EXE-19916285.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCUPDMGR.EXE-2963FAB2.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCUPDUI.EXE-27129637.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCVSESCN.EXE-093F0C5C.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCVSFTSN.EXE-28693C17.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCVSMAP.EXE-155ED7D3.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCVSRTE.EXE-3391F051.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MCVSSHLD.EXE-2D6751F9.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MGHTML.EXE-31D79FA5.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MSOHELP.EXE-06826F09.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\MSPUB.EXE-3934B7B4.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\OUTLOOK.EXE-27D5965C.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\PHOTOED.EXE-0F3CAA01.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\QW.EXE-1F6051DF.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RASAUTOU.EXE-18B88A68.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\REALPLAY.EXE-1BF219BD.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\REALSCHED.EXE-3282FD31.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-12CFC0CD.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-15FD705A.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-1985E989.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-1A8A4565.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-20332B33.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-29486132.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-2AE445C7.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-2FABF9D3.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-307B5698.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D64C4BA.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\WINWORD.EXE-29F5CB89.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2004-12-15, 00:12:46, An error occurred while scanning file
"C:\WINDOWS\system32\ennql1551.dll": Access is denied.
2004-12-15, 00:13:08, An error occurred while scanning file
"C:\WINDOWS\system32\l0r0la9m1d.dll": Access is denied.
2004-12-15, 00:14:49, An error occurred while scanning file
"C:\WINDOWS\system32\wbsdmoe.dll": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\DEFAULT": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\default.LOG": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\SECURITY": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\SOFTWARE": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\software.LOG": Access is denied.
2004-12-15, 00:15:22, An error occurred while scanning file
"C:\WINDOWS\system32\config\SYSTEM": Access is denied.
2004-12-15, 00:15:22, An error occurred while scanning file
"C:\WINDOWS\system32\config\system.LOG": Access is denied.
2004-12-15, 00:17:17, Running scanner "C:\virus\VSCANTM.BIN"...
2004-12-15, 03:47:16, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/15/2004 00:17:18
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 297 (81045 Patterns) (2004/12/14) (229700)
Command Line: C:\virus\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF
/NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\virus
257155 files have been read.
257155 files have been checked.
132570 files have been scanned.
214621 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/15/2004 03:47:16
---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-15, 03:47:16, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/15/2004 00:17:17
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 297 (81045 Patterns) (2004/12/14) (229700)
Command Line: C:\virus\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF
/NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\virus
257155 files have been read.
257155 files have been checked.
132570 files have been scanned.
214621 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/15/2004 03:47:16 3 hours 29 minutes 53 seconds (12592.47
seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-15, 03:47:16, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/15/2004 00:17:17
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 297 (81045 Patterns) (2004/12/14) (229700)
Command Line: C:\virus\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF
/NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\virus
257155 files have been read.
257155 files have been checked.
132570 files have been scanned.
214621 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/15/2004 03:47:16 3 hours 29 minutes 53 seconds (12592.47
seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-15, 03:47:16, Scanner "C:\virus\VSCANTM.BIN" has finished running.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23roqEwj4EHA.2788@TK2MSFTNGP15.phx.gbl...
> 1) Download the following three items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend signature files.
> http://www.trendmicro.com/download/pattern.asp
>
> Adaware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
> Download SYSCLEAN.COM and place it in that directory.
> Download the Trend Pattern File by obtaining the ZIP file.
> For example; lpt297.zip
>
> Extract the contents of the ZIP file and place the contents in the same
> directory as SYSCLEAN.COM.
>
> 2) Update Adaware with the latest definitions.
> 3) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 4) Reboot your PC into Safe Mode
> 5) Using both the Trend Sysclean utility and Adaware, perform a Full
> Scan of your platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 6) Restart your PC and perform a "final" Full Scan of your platform
> using both the Trend Sysclean utility and Adaware
> 7) If you are using WinME or WinXP, re-enable System Restore and
> re-apply any System Restore preferences (e.g. HD space to use
> suggested 400 ~ 600MB),
> 8) Reboot your PC.
> 9) If you are using WinME or WinXP, create a new Restore point
>
> * * * Please report back your results * * *
>
> Dave
>
>
>
>
> "Mctabish johnsonclan.net>" <mc@ <nospam> wrote in message
> news:djLvd.261249$R05.174154@attbi_s53...
> | I have somehow become infected with VX2, IGETNET, ugroup and popup.
> | I seem to have made progress with igetnet, but not the others.
> |
> | I have run the latest mcafee, spybot and adware. I have used Ad-Aware's VX2
> | removal tool but it reports "system clean", yet Ad-Aware continues to find
> | VX2 files. I try to delete, but always at least ONE file is in use. I have
> | rebooted to COMMAND PROMPT and deleted what files I could find that were
> | trying to be deleted, but one or two I have not been able to find.
> |
> | I keep getting popups every several moments; they usually want to sell me
> | either a spyware package or a performance package (can you spell BLACKMAIL?)
> |
> | Please help! I am afraid to send or receive email, and being on the WEB is a
> | real pain (even though the popups come when I am not on the web, they come at
> | a much higher rate when I am).
> |
> | Also, on boot up, I get a rundll error "An exception occured while trying to
> | run ""c:\windows\system32\filename.dll",UMonitor"
> |
> | TIA
> | Mc
> |
> |
>
>
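Added example, not part of the original thread and not Trend Micro code: a short Python triage of the "Access is denied" entries in a Sysclean log like the one posted above, separating files the running OS normally holds open (registry hives) and Prefetch data from everything else, which is left for manual review. The function names and the three bucket names are assumptions of this example; the sample lines are an excerpt of the posted log, including its mail line wrapping.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above, with the e-mail line wrapping preserved.
SAMPLE_LOG = r'''2004-12-14, 19:54:10, An error occurred while scanning file "C:\Documents
and Settings\Bruce.LAPPIE\NTUSER.DAT": Access is denied.
2004-12-15, 00:10:55, Could not set file for reading on
"C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2004-12-15, 00:12:46, An error occurred while scanning file
"C:\WINDOWS\system32\ennql1551.dll": Access is denied.
2004-12-15, 00:15:21, An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM": Access is denied.
2004-12-15, 00:17:17, Running scanner "C:\virus\VSCANTM.BIN"...
'''

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}, ")
DENIED = re.compile(r'"([^"]+)": Access is denied\.')
HIVE_NAMES = {"ntuser.dat", "usrclass.dat"}  # per-user registry hives

def entries(log_text):
    """Yield one string per log entry, rejoining lines split by mail wrapping."""
    current = None
    for line in log_text.splitlines():
        if ENTRY_START.match(line):
            if current is not None:
                yield current
            current = line.strip()
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current

def bucket(path):
    """Assign a denied path to a bucket (bucket names are this example's own)."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if name.endswith(".log"):            # hive transaction log, e.g. ntuser.dat.LOG
        name = name[:-4]
    if "\\system32\\config\\" in p or name in HIVE_NAMES:
        return "registry_hive"           # loaded hives are held open by the running OS
    if "\\windows\\prefetch\\" in p:
        return "prefetch"                # prefetch trace data, not executable code
    return "review"                      # anything else: inspect by hand

def triage(log_text):
    """Map bucket name -> list of paths the scanner could not open."""
    out = defaultdict(list)
    for entry in entries(log_text):
        m = DENIED.search(entry)
        if m:
            out[bucket(m.group(1))].append(m.group(1))
    return dict(out)

if __name__ == "__main__":
    for name, paths in triage(SAMPLE_LOG).items():
        print(name, paths)
```

Run over the full log, the "review" bucket is where the three system32 DLLs the scanner could not open would land, including the one Ad-Aware could not remove.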