06-15-2005, 06:11 PM   #11
greyknight17
Analyst, Security Team
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

You have to stop downloading those cracks. It's not doing your machine any good.

OK, I only edited some of these since you had too many there, but you should see what files I want you to delete.

Delete these:

C:\WINDOWS\System32\admdll.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\WINDOWS\System32\raddrv.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\WINDOWS\System32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.21. No Action Taken.
File C:\Documents and Settings\IaM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-6234a237-739aefb6.zip infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\IaM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv684.jar-6c93babb-630a3831.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\downloads\appz\new appz\BulletProof.FTP.Server.v2.30.15.WinAll.Cracked.rar tagged as not-a-virus:Tool.Win32.ServiceRunner.d. No Action Taken.
File C:\downloads\appz\new appz\PC-cillin 2004 Crack Activator.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\downloads\appz\new appz\susetup.exe tagged as not-a-virus:Server-FTP.Win32.Serv-U.5201. No Action Taken.
File C:\downloads\appz\new appz1\radmin22.zip tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
File C:\downloads\appz\new appz1\setup_ares.exe tagged as "not-a-virus:AdWare.NavExcel.d". Action Taken: No Action Taken.
File C:\downloads\appz\new appz1\winamp504.rar tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\downloads\appz\new appz3\crack Babylon_Pro_5.0.0_r78_.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\downloads\appz\new appz3\CRACK-WinZip_v9.0_6028_.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\downloads\appz\new appz3\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
File C:\downloads\appz\new appz3\radmin21.zip tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\downloads\appz\new appz3\scrcam.exe
C:\downloads\ebooks\(ebook - html-txt) - complete_set_of_hacking_tools+manuals.zip
C:\downloads\new appz\check if burn already\curl-7.13.2.zip
C:\downloads\new appz\NewsBin_Pro_v4[1].3_build_4892.zip
C:\downloads\new appz\NewsBin_Pro_v4[1].3_build_4892_Crack_by_Morglum.zip
C:\Program Files\Babylon\crack.exe
C:\Program Files\Trend Micro\Internet Security\PC-cillin 2004 Crack Activator.exe
C:\WINDOWS\Downloaded Program Files\launcher.ocx
C:\WINDOWS\LastGood\Downloaded Program Files\CONFLICT.1\
C:\WINDOWS\system32\admdll.dll


Any ideas what these are for?

C:\Program Files\bf\AddOns\G6Service.exe
C:\Program Files\bf\eatbfs23.rar


Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. OK, before we go on, I want you to take note of this first. This program will wipe out all files in your Temporary folders, any file extensions that have a tilde (~) in it, .bak files, .chk files, .tmp files and index.dat files. Most of you should be ok with this, but there may be some who need these files. If you are one of them, do not follow this step. Post back a reply telling us about this. So if that's ok, then download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Run CleanUp! and click on CleanUp! button. Once it's done, you may click the Close button. When asked if you want to log off, choose No.

Restart and do this:

Right click on http://www.silentrunners.org/Silent%20Runners.vbs and choose Save As... Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on 'Silent Runners' to run it. This will take a few minutes. It will create a file called 'Startup Programs' followed by your computer name and current date. Open up that file and post all the contents here in your next post.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
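An added example, not part of the original post: a small Python triage script for the scan-log lines quoted above. It separates entries the scanner tagged `not-a-virus:` from entries it reported as infected and from bare paths listed with no verdict. The bucket names (`riskware/`, `malware/`, `no-verdict`) and the function names are this example's own; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the scan log quoted in the post.
SAMPLE_LOG = r'''
C:\WINDOWS\System32\admdll.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\WINDOWS\System32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.21. No Action Taken.
File C:\Documents and Settings\IaM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-6234a237-739aefb6.zip infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\IaM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv684.jar-6c93babb-630a3831.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\downloads\appz\new appz1\setup_ares.exe tagged as "not-a-virus:AdWare.NavExcel.d". Action Taken: No Action Taken.
File C:\downloads\appz\new appz3\scrcam.exe
C:\Program Files\Babylon\crack.exe
'''

VERDICT_RE = re.compile(  # optional "File ", path (may contain spaces), verb, name
    r'^(?:File\s+)?(?P<path>.+?)\s+(?:tagged as|infected by)\s+"?(?P<name>[^"\s]+)')

def parse_line(line):
    """Return (path, detection_name); name is None when the line has no verdict."""
    line = line.strip()
    if not line:
        return None
    m = VERDICT_RE.match(line)
    if m:
        return m.group('path'), m.group('name').rstrip('.')
    # Bare path: the post lists some files without the scanner's verdict text.
    return re.sub(r'^File\s+', '', line), None

def classify(name):
    """Bucket a detection by the scanner's own label (bucket names are ours)."""
    if name is None:
        return 'no-verdict'
    if name.startswith('not-a-virus:'):
        # not-a-virus:RemoteAdmin.Win32.RAdmin.20 -> riskware/RemoteAdmin
        return 'riskware/' + name.split(':', 1)[1].split('.', 1)[0]
    return 'malware/' + name.split('.', 1)[0]

def triage(log):
    """Group every path in the log under its bucket, preserving log order."""
    buckets = defaultdict(list)
    for raw in log.splitlines():
        parsed = parse_line(raw)
        if parsed:
            buckets[classify(parsed[1])].append(parsed[0])
    return dict(buckets)

if __name__ == '__main__':
    for bucket, paths in sorted(triage(SAMPLE_LOG).items()):
        print(bucket, *paths, sep='\n    ')
```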