Re: bloodhound.w32.ep
From: mrstan (mrstan_at_discussions.microsoft.com)
Date: 01/04/05
- Next message: mrstan: "RE: bloodhound.exploit.6"
- Previous message: Malke: "Re: mfcid32.exe spawns with 100% cpu occupancy"
- Maybe in reply to: mrstan: "bloodhound.w32.ep"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 Jan 2005 06:33:03 -0800
finally this was very helpful. it is gone. Now i have 2 other problems.
ISTsvc.exe. I have been jumbling around with it, and finally got a symantec
(NA) program and ran it on the computer. It stated that IST was removed from
the computer. I seem to still have the problem. damn spyware. I am presently
rerunning spyware doctor and ad-aware, then i am going to run the program to
remove it again. Hoping it will take it out for sure.
Now about:Blank is still showing up and this is part of the ISTsvc.exe
hijack. So i am thinking the program didnt do it completely.
secondly I am running roadrunner cable modem and since messing around with
it so much, I am now unable to connect to the internet via my browser.
Updates are able to connect, so the connection is active. any ideas?
"Jim Byrd" wrote:
> Hr Mr. Stan - Sometimes the tools will find files which they are unable to
> delete because they are in use. A program called Copylock, here,
> http://noeld.com/programs.asp?cat=misc#CopyLock can aid in the process of
> "replacing, moving, renaming or deleting one or many files which are
> currently in use (e.g. system files like comctl32.dll, or virus/trojan
> files.)" Another is Killbox, here:
> http://www.downloads.subratam.org/KillBox.zip
> A third which is a bit different but often useful is Delete Invalid File,
> here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
> file/folder name deleting, rather than the in use problem.
>
> --
> Please respond in the same thread.
> Regards, Jim Byrd, MS-MVP
>
>
>
> In news:B3B4CE02-ABFB-42C8-9E5B-CB17AE5ACAC4@microsoft.com,
> mrstan <mrstan@discussions.microsoft.com> typed:
> > I did go to safe mode and was still unable to remove it. is there a
> > way to delete a right protected file which is what they are, other
> > than safe mode.?
> >
> > "Max M.Wachtel III" wrote:
> >
> >> mrstan wrote:
> >>> Ok the last posts on this topic were unhelpful. The tools mention
> >>> were, yes, able to find the virus, but unable to do anything about
> >>> it. I have been to many websites and attempted their solutions and
> >>> have been unsuccessful. Yes, I have norton antivirus and even
> >>> updating that did not help. The virus is in 4 locations.
> >>> C:\Windows\System32\ys|32.exe
> >>> " " " \Kalvndh32.exe
> >>> C:|Documents and Settings\\Owner\Local Settings\Temporary Internet
> >>> Files\Content.IE5\Wl2RG5V7\portector[1].exe
> >>> " " \55MJWLl3\Silent[1].exe
> >>>
> >>> adaware noadware panda ... etc etc have had not help except
> >>> locating and NAV states they cannot remove it
> >>> Mrstan
> >> If it is in memory you will not be able to delete it.
> >> NoAdaware should be removed from your computer.
> >> I was reading through the other posts.Did you run all programs I
> >> listed? Try running them in safe mode.
> >> Did you try A^2,eScan,Sysclean,BeClean(for cleaning out temp
> >> files),or TDS-3? I have links on my sites.
> >> -max
> >> --
> >> Virus Removal Instructions: http://www.geocities.com/maxpro4u/
> >> Keeping Windows Clean: http://www.geocities.com/maxpro4u/madmax.html
> >> Virus Cleaning+Fixes: http://www.geocities.com/maxpro4u/TechPros
> >> Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
> >> (nomail.afraid.org has been set up specifically for
> >> use in Usenet. Feel free to use it yourself.)
>
>
- Next message: mrstan: "RE: bloodhound.exploit.6"
- Previous message: Malke: "Re: mfcid32.exe spawns with 100% cpu occupancy"
- Maybe in reply to: mrstan: "bloodhound.w32.ep"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
