Tech Support Forum - View Single Post - Help

Ried · 12-02-2005, 07:36 AM

Hi Emmanuel,

A little bit of progress, but the main infections are still present.

Download WinPFInd http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Do Not run it yet.

Download Trackqoo http://www.geekstogo.com/downloads/Trackqoo.zip
Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT run it yet.

Use this online scanner:

Perform an online scan using Internet Explorer with Kaspersky WebScanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
*The program will launch and then begin downloading the latest definition files:
*Once the files have been downloaded click on NEXT
*Now click on Scan Settings
*In the scan settings make that the following are selected:
*Scan using the following Anti-Virus database:
*Standard
*Scan Options:
*Scan Archives
*Scan Mail Bases
*Click OK
*Now under select a target to scan:
*Select My Computer
*This will program will start and scan your system.
*The scan will take a while so be patient and let it run.
*Once the scan is complete it will display if your system has been infected.
*Now click on the Save as Text button:
*Save the file to your desktop.
*Copy and paste that information in your next post.

Reboot into Safe Mode.

Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.! Once the Scan is Complete it will make a txt file (log) of what was found. Save that log and post it here.

Restart one more time back into Normal Mode. Run a scan with HijackThis and save the log.

Locate & double-click on TrackQoo1.vbs . Wait a few seconds and a notepad page will pop up, Copy & Paste those results in your next post
* If your Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!

So I will need the following logs:

Kaspersky Results
WPFind
Trackqoo
HijackThis

12-02-2005, 07:36 AM	#12 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,555 OS: WinXP and Vista	Hi Emmanuel, A little bit of progress, but the main infections are still present. Download WinPFInd http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Do Not run it yet. Download Trackqoo http://www.geekstogo.com/downloads/Trackqoo.zip Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT run it yet. Use this online scanner: Perform an online scan using Internet Explorer with Kaspersky WebScanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings* In the scan settings make that the following are selected: Scan using the following Anti-Virus database: *Standard *Scan Options: *Scan Archives *Scan Mail Bases *Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Reboot into Safe Mode. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.! Once the Scan is Complete it will make a txt file (log) of what was found. Save that log and post it here. Restart one more time back into Normal Mode. Run a scan with HijackThis and save the log. Locate & double-click on TrackQoo1.vbs . Wait a few seconds and a notepad page will pop up, Copy & Paste those results in your next post * If your Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless! So I will need the following logs: Kaspersky Results WPFind Trackqoo HijackThis __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."