Re: SPyware/Malware help needed

Dave,
Followed your instructions. Did not work... Logs pasted below, normal then
safe mode.

Virus Scan Report File

--------------------------------------------------------------------------------
Virus Scan Information
--------------------------------------------------------------------------------

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4668 created Jan 05 2006
Scanning for 169169 viruses, trojans and variants.


--------------------------------------------------------------------------------
Virus Scan Results
--------------------------------------------------------------------------------




01/06/2006 12:30:02


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /HTML "C:\MCAFEE\SCANREPORT.HTML"

Scanning C: [IBM_PRELOAD]
Scanning C:\*.*
C:\Documents and Settings\MGAPA\My Documents\My Archive\Download\Fun
programs\cat.exe ... Found potentially unwanted program Joke-ScreenMates.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 243619
Clean: ................. 242622
Possibly Infected: ..... 0
Cleaned: ............... 0
Deleted: ............... 1
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:10.40



--------------------------------------------------------------------------------

Visit the McAfee Online Web Site
Need some help or advice? Send email to Technical Support.


Virus Scan Report File

--------------------------------------------------------------------------------
Virus Scan Information
--------------------------------------------------------------------------------

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4668 created Jan 05 2006
Scanning for 169169 viruses, trojans and variants.


--------------------------------------------------------------------------------
Virus Scan Results
--------------------------------------------------------------------------------




01/06/2006 13:50:50


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /HTML "C:\MCAFEE\SCANREPORT.HTML"

Scanning C: [IBM_PRELOAD]
Scanning C:\*.*

Summary report on C:\*.*
File(s)
Total files: ........... 243626
Clean: ................. 242652
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:53.08



--------------------------------------------------------------------------------

Visit the McAfee Online Web Site
Need some help or advice? Send email to Technical Support.

"David H. Lipman" wrote:

> From: "Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx>
>
> | Dave,
> | Thanks for your post. I followed very similiar instructions from Trend Micro
> | (pasted below). They did not work for me (i.e. Spyaxe still there, in fact,
> | it was in system tray in safe mode). Would you suggest any modifications?
> | Please note that I did install the update from MSFT KB 912919, from Windows
> | Update.
> | Thanks,
> | Mike
> |
>
>
>
> Two part reply..
>
> Perform Part 1 then perform Part 2.
>
> If the first two parts don't work, perform the alternate utility.
>
> It is suggested that you execute each tool in Normal Mode then in Safe Mode.
>
> If you are using any version of Sun Java that is prior to JRE Version 5.0,
> then you are strongly urged to remove any/all versions that are prior to JRE
> Version 5.0. There are vulnerabilities in them and they are actively being exploited.
> It is possible that is how you got infected with malware.
>
> Therefore, it is highly suggested that if there are any prior versions of Sun Java
> to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
> be installed ASAP.
>
> http://www.java.com/en/download/manual.jsp
>
>
>
> Part 1
> -----------
>
> Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
>
> http://www.bleepingcomputer.com/forums/topic36868.html
>
>
> Part 2
> -----------
>
> Download SmitFraud.exe from the URL --
> http://www.ik-cs.com/programs/virtools/SmitFraud.exe
>
> Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
> Choose; Unzip
> Choose; Close
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to enable WGET.EXE to download the needed McAfee related files.
>
> Execute; c:\mcafee\clean.bat
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before performing another scan.
>
> ALTERNATE:
>
> Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.
>
> http://secured2k.home.comcast.net/tools/AntiPuper.exe
>
> http://forums.mcafeehelp.com/viewtopic.php?t=65072
>
>
> Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
> reply.
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
.

Relevant Pages

  • Re: SCAN.EXE - McAfee AntiVirus Software
    ... | of network computers and have only report summaries sent to be via email. ... having Alert Manager receive alerts and send selected personnel NetBIOS pop-ups upon ... There are three parts to McAfee: ... | Virus Scan Report File ...
    (microsoft.public.security.virus)
  • Re: Desktop display problem, but solutions not working
    ... but it couldn't find a backup WININT.dll or a McAfee ... Virus Scan Report File ... Scanning for 169582 viruses, trojans and variants. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Got Alemon Trojan... deleted but cant change wallpaper
    ... Here's the information in the Virus Scan Report File ... Visit the McAfee Online Web Site ... | wallpaper to an .html file. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: annoying pop up message
    ... Virus Scan Report File ... McAfee VirusScan for Win32 v4.40.0 ... It is suggested that you execute each tool in Normal Mode then in Safe Mode. ...
    (microsoft.public.windowsxp.general)
  • Re: Zlob Trojan - Newbie on group - Help please!
    ... Virus Scan Report File ... Scan engine v4.4.00 for Win32. ... Found potentially unwanted program ...
    (alt.comp.anti-virus)