
Solved Virus/Trojan Help Needed

Discussion in 'Malware and Virus Removal Archive' started by Andy Cool, 2008/06/10.

  1. 2008/06/12
    Andy Cool

    Andy Cool Inactive Thread Starter

    Joined:
    2007/10/12
    Messages:
    208
    Likes Received:
    0
    Hi Geri...:)
    I'm ready to do anything to get the laptop virus free !! :)

    Tell me what to do??
     
  2. 2008/06/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Andy

    OK.
    First go into Norton's quarantine folder and delete everything in there.

    Now download OTMoveIt2 by OldTimer to your Desktop.

    Don't do anything with it yet.

    Back up your registry.
    Click "Start" > "All Programs"
    Find and go to ERUNT in the menu.
    In the window that opens click on ERUNT.
    By default the backup location is c:\windows\erunt\ (current date)
    Click OK to continue with the registry backup.

    Now make a new restore point, name it "BF OTmoveit". Here is how.

    Click on Start > All Programs
    Go to Accessories > System Tools > System Restore.
    Click on Create a restore Point, Click Next.
    Type in BF OTmoveit and click Create.
    Close the window.

    • Now double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Documents and Settings\Yasmeen\Desktop\New Folder\codecs
      C:\Documents and Settings\Yasmeen\Desktop\New Folder\DLINK DSL\start.exe
      C:\Documents and Settings\Yasmeen\Desktop\New Folder\GameSetup.exe 
      C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8
      C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)
      C:\Recycled
      G:\AUTORUN.FCB 
      G:\AUTORUN.INF 
      G:\Recycled
    • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please post the OTMoveit2 log and a new Kaspersky scan.

    Thanks
    Geri
     

  4. 2008/06/12
    Andy Cool

    Hi Geri,

    Done the requested. Below are the 2 logs... I guess I should have run ATF Cleaner prior to running the new Kaspersky scan???

    C:\Documents and Settings\Yasmeen\Desktop\New Folder\codecs moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\DLINK DSL\start.exe moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\GameSetup.exe moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Videos moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Scripts moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Plugins moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Images moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Icons moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Flash moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\Setup\licenses moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\Setup moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\RESCUEME\DOSYSTEM moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\RESCUEME moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\DOCS moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Setup moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Rescueme\DOSYSTEM moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Rescueme moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Buttons moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Audio moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8 moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder\pictures\maadi.23 nov 06 moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder\pictures\husseino moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder\pictures\farah faya06 moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder\pictures\5oct.so7our at laila moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder\pictures\10 nov06 moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder\pictures moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder\maadi.essential.23 nov.06 moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\farah kharmas cousin moved successfully.
    C:\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2) moved successfully.
    C:\Recycled\Recycled moved successfully.
    C:\Recycled moved successfully.
    G:\AUTORUN.FCB moved successfully.
    G:\AUTORUN.INF moved successfully.
    G:\Recycled moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06122008_194442
     
  5. 2008/06/12
    Andy Cool

    Kaspersky Log:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, June 12, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, June 12, 2008 15:55:47
    Records in database: 856108
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    G:\

    Scan statistics:
    Files scanned: 70858
    Threat name: 8
    Infected objects: 87
    Suspicious objects: 0
    Duration of the scan: 01:29:47


    File name / Threat name / Threats count
    C:\Documents and Settings\Yasmeen\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.97974 Infected: Trojan.Win32.VB.aqt 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc10.exe Infected: Trojan-Dropper.Win32.Small.apl 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc11.exe Infected: Trojan-Dropper.Win32.Small.apl 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc12.exe Infected: Worm.Win32.Perlovga.a 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc13.exe Infected: Worm.Win32.Perlovga.c 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc14.exe Infected: Trojan-Dropper.Win32.Small.apl 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc15.exe Infected: Backdoor.Win32.Small.lo 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc16.exe Infected: Worm.Win32.Perlovga.a 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc17.exe Infected: Worm.Win32.Perlovga.a 1
    C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc9.exe Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP329\A0047432.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP329\A0047449.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP330\A0047456.exe Infected: Worm.Win32.Delf.bd 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP330\A0047470.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP331\A0047487.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP332\A0048501.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP332\A0048513.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP333\A0048527.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP333\A0048539.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP334\A0048556.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP335\A0048562.exe Infected: Virus.Win32.Tenga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP335\A0048580.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP337\A0048594.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP338\A0048612.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP339\A0048627.exe Infected: Worm.Win32.Delf.bd 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP339\A0048659.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP341\A0048784.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP341\A0048788.exe Infected: Worm.Win32.Delf.bd 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP347\A0048861.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP350\A0048889.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP351\A0048898.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP351\A0048908.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP352\A0048919.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP352\A0048931.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP354\A0048977.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP354\A0049977.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP354\A0049991.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP356\A0050004.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP358\A0050058.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP359\A0050079.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP361\A0050118.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP361\A0050155.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP362\A0050169.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP364\A0050178.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP364\A0050188.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP364\A0050206.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP365\A0050210.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP365\A0050219.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP366\A0050221.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP366\A0051235.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP366\A0051244.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP366\A0051388.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP367\A0051401.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP369\A0051500.inf Infected: Worm.Win32.Perlovga.a 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP369\A0051501.exe Infected: Trojan.Win32.VB.aqt 1
    C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP369\A0051505.inf Infected: Worm.Win32.Perlovga.a 1
    C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe Infected: not-a-virus:Dialer.Win32.BT.g 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\AUTORUN.FCB Infected: Worm.Win32.Perlovga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\AUTORUN.INF Infected: Trojan.Win32.VB.aqt 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\codecs\CODEC XviD.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\codecs\SLDcodecpack1.5.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\codecs\Ultimate XP DivX Codec - Nimo433 .exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\codecs\uXviD-15012003-1 (1).exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\codecs\uXviD-15012003-1.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\codecs\XviD_Install.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\DLINK DSL\start.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\GameSetup.exe Infected: Worm.Win32.Delf.bd 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Rescueme\DOSYSTEM\FLOPPY.EXE Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Rescueme\DOSYSTEM\FLOPPY9x.EXE Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Rescueme\DOSYSTEM\FLOPPYME.EXE Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Rescueme\DOSYSTEM\PTEDIT32.EXE Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Rescueme\setup.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Setup\instmsia.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Setup\instmsiw.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\BTMagic\Setup\setup.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\RESCUEME\DOSYSTEM\FLOPPY.EXE Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\RESCUEME\DOSYSTEM\FLOPPY9x.EXE Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\RESCUEME\DOSYSTEM\FLOPPYME.EXE Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\RESCUEME\DOSYSTEM\PTEDIT32.EXE Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\RESCUEME\setup.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\Setup\instmsia.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\Setup\instmsiw.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\AutoPlay\Docs\Setup\setup.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\New Folder\partition Magic 8\autorun.exe Infected: Virus.Win32.Tenga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Documents and Settings\Yasmeen\Desktop\yyy\pix\hussein\New Folder (2)\New Folder\autorun.inf Infected: Worm.Win32.Perlovga.a 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
    C:\_OTMoveIt\MovedFiles\06122008_194442\Recycled\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1

    The selected area was scanned.
     
  6. 2008/06/12
    Geri Lifetime Subscription

    Hi Andy
    OK great.

    Now do this.

    • Please double-click OTMoveIt.exe to run it.
    • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.


    Open MBAM, click on the Quarantine tab, click on Delete all, answer yes to any prompts.


    Empty your recycle bin or run ATF Cleaner.


    We need to turn off and on system restore. There are infections in it and by using system restore you would reinfect yourself.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under "Type a description for your restore point…" put a name in the box. Click Create. In the next window click Close.

    OK now, one more Kaspersky log.

    After doing the above let me know if that helped your IE problem and WiFi.

    Thanks
    Geri
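
Added example, not part of the original thread: a short Python triage of detection lines in the format of the Kaspersky Online Scanner report above, grouping each hit by where the file sits (System Restore points, recycle bin, OTMoveIt2's MovedFiles folder, a scanner quarantine, or the live file system). The location names and matching rules are assumptions made for this example; the sample lines are copied from the first report in this thread.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Sample input: the column header and seven detection lines copied from the
# first Kaspersky Online Scanner report in this thread.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Yasmeen\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.97974 Infected: Trojan.Win32.VB.aqt 1
C:\RECYCLER\S-1-5-21-3071629650-2331959687-3909531613-1006\Dc10.exe Infected: Trojan-Dropper.Win32.Small.apl 1
C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP329\A0047432.inf Infected: Worm.Win32.Perlovga.a 1
C:\System Volume Information\_restore{002A1DDE-452E-4AFD-B83E-56BC28B50F88}\RP335\A0048562.exe Infected: Virus.Win32.Tenga.a 1
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe Infected: not-a-virus:Dialer.Win32.BT.g 1
C:\_OTMoveIt\MovedFiles\06122008_194442\AUTORUN.INF Infected: Trojan.Win32.VB.aqt 1
C:\_OTMoveIt\MovedFiles\06122008_194442\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
"""


class Detection(NamedTuple):
    path: str
    threat: str
    count: int
    location: str


# "<path> Infected: <threat name> <count>"; the path may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) Infected: (?P<threat>\S+) (?P<count>\d+)$"
)

# Assumed location labels, matched against the lower-cased path. Order
# matters: a file under _OTMoveIt\MovedFiles\...\Recycled\ is a moved copy,
# not something still sitting in a recycle bin.
LOCATION_RULES = [
    ("otmoveit_moved", re.compile(r"^[a-z]:\\_otmoveit\\movedfiles\\")),
    ("system_restore", re.compile(r"^[a-z]:\\system volume information\\_restore")),
    ("recycle_bin", re.compile(r"^[a-z]:\\(recycler|recycled)\\")),
    ("scanner_quarantine", re.compile(r"\\quarantine\\")),
]


def classify(path: str) -> str:
    """Return the location label for a path, or 'live' if no rule matches."""
    lowered = path.lower()
    for name, pattern in LOCATION_RULES:
        if pattern.search(lowered):
            return name
    return "live"


def parse_report(text: str) -> list:
    """Extract detections; headers and blank lines are skipped."""
    detections = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        path = match.group("path")
        detections.append(
            Detection(path, match.group("threat"),
                      int(match.group("count")), classify(path))
        )
    return detections


def triage(text: str) -> dict:
    """Map location -> {threat name: total count}."""
    summary = defaultdict(Counter)
    for det in parse_report(text):
        summary[det.location][det.threat] += det.count
    return {location: dict(threats) for location, threats in summary.items()}


def live_detections(text: str) -> list:
    """Detections outside restore points, recycle bins and tool folders."""
    return [det for det in parse_report(text) if det.location == "live"]


if __name__ == "__main__":
    for location, threats in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{location}: {threats}")
    for det in live_detections(SAMPLE_REPORT):
        print("needs a decision:", det.path, "->", det.threat)
```
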
     
  7. 2008/06/12
    Andy Cool

    Hi Geri,

    I guess we are way better now :) 2 viruses spotted by Kaspersky... Below is the log... As for the IE and WiFi problem, I am still having the problems..

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, June 13, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, June 12, 2008 20:25:45
    Records in database: 857146
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    G:\

    Scan statistics:
    Files scanned: 65612
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 01:10:20


    File name / Threat name / Threats count
    C:\Documents and Settings\Yasmeen\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.97974 Infected: Trojan.Win32.VB.aqt 1
    C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe Infected: not-a-virus:Dialer.Win32.BT.g 1

    The selected area was scanned.
     
  8. 2008/06/12
    Andy Cool

    Hi Geri,

    Forgot to tell you that in the IE report after it freezes I always get the below when I choose to send the report:

    SZappname:iexplorer.exe
    SzMod name:hungapp

    I hope this piece of info will help out..:)
     
  9. 2008/06/13
    Geri Lifetime Subscription

    Hi Andy
    OK
    One of those is in the quarantine folder of MBAM.
    The other has to do with Yahoo. ISPSoftware\BTYahoo.
    Does that sound familiar?

    I'll see what I can dig up on that error message.

    Geri
     
  10. 2008/06/13
    Geri Lifetime Subscription

  11. 2008/06/13
    Andy Cool

    Hi Geri,

    :) IE is working perfectly fine now!! :)

    I have no idea what's ISPSoftware\BTYahoo. How do I remove it???
     
  12. 2008/06/13
    Geri Lifetime Subscription

    Hi Andy
    Ok, I'm not sure that it is not part of Yahoo, Yahoo is your ISP is it not?

    For now let's not remove it, let's do it this way to make sure it won't affect your internet.

    Follow this path and rename the folder BTYahoo, right click on it and click on rename, rename it to BTYahoo.old

    C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo

    Close your internet connection, and reconnect. If you have a problem reconnecting go back and remove the .old.

    Let me know what happens.

    Geri
     
  13. 2008/06/13
    Andy Cool

    Hi Geri,

    I tried it and the connection is working perfectly...I don't use Yahoo to connect..I use DSL

    What shall I do next???
     
  14. 2008/06/13
    Geri Lifetime Subscription

    Hi Andy

    OK you can go back in and delete it.

    I believe we're done here.

    Let me know how things are running. Then I'll leave you with some recommendations.

    Geri
     
  15. 2008/06/14
    Andy Cool

    Hi Geri,

    Thanks a lot for your help mate...really appreciated....everything is working fine now...
    I uninstalled Norton and set up AVG...
     
  16. 2008/06/14
    Geri Lifetime Subscription

    Hi Andy
    OK Great,
    Glad I could help. :)

    Please look at this link for some preventive recommendations. It could keep you from ending up back here to the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
