Thread: Nameserver prob
Old 07-15-2005, 02:28 AM   #9 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy


There's something wrong.

The logs you posted are incorrect. There wasn't supposed to be a log for DelO15domain. You were supposed to right-click on DelO15Domains.inf and choose Install. It will simply run w/o creating a log. The log you posted was merely the contents of the DelO15domain script. Pls re-do the step again.

You also posted the wrong log for peek2.bat. You posted the contents of the script again. Please do this..

Enable the viewing of Hidden files
1. From Windows Explorer, go to Tools>Folder Options>View tab.
2. enable the option for `Show hidden files and folder´
3. disable the option for `Hide file extensions for known types´
4. disable the option for `Hide protected operating system files´
5. click "Yes" to confirm & then click "OK"

Take another look at peek2.bat. Is the name correct? Is it peek2.bat or peek2.txt?


= = = = = = = = = = =

Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard.
  • C:\WINDOWS\msxct1.ini
    C:\WINDOWS\Downloaded Program Files\load.exe
    C:\WINDOWS\toolbar.exe
    C:\Documents and Settings\All Users\Favorites\AdultGambling.url
    C:\Documents and Settings\All Users\Favorites\Free Online Dating.url
    C:\Documents and Settings\All Users\Favorites\**** Real Girls.url
    C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url
    C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url
    C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url
    C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url
    C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url
    C:\Documents and Settings\All Users\Favorites\XXX personal photos.url
    C:\new.exe
    C:\WINDOWS\Downloaded Program Files\MirarSetup.exe
    C:\WINDOWS\msxct1.ini
    C:\WINDOWS\system32\backup.old
    C:\WINDOWS\system32\cassandra.exe
    C:\WINDOWS\system32\fjeobdaa.tmp
    C:\WINDOWS\system32\mnmrspl.exe
    C:\WINDOWS\system32\mnooi.dll
Start KillBox.
Go to the File menu, and choose Paste from Clipboard * this feature does not work on older versions of Killbox

Tell me more about the AVG detections. Infection names & locations..
Click the dropdown-arrow next to the "Full Path of File to Delete" field.
Verify that the filenames you pasted are found in there.
Select/tick the following:
* Replace on Reboot
* Use Dummy
* End Explorer Shell While Killing File
* "Unregister.dll Before Deleting" * if it's not grayed out
Click the RED X button.
Click "Yes" at the 'Delete on Reboot' prompt.
Click "Yes" at the 'Pending Operations' prompt.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


= = = = = = = = = = =