Tech Support Forum - View Single Post

galefly · 03-20-2006, 09:02 PM

Ried,

1.Regedit deletions went ok but the first two seemed identical to me. Am I missing something?

2. The following is the Panda file from 3/16/06 that i failed to post

Incident Status Location

Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Brenda\Application Data\tvmcwrd.dll
Adware:adware/ncase Not disinfected C:\WINDOWS\didduid.ini
Adware:adware/sidesearch Not disinfected C:\PROGRAM FILES\Lycos
Adware:adware/xupiter Not disinfected C:\Documents and Settings\Brenda\Favorites\Inernet
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@ads.pointroll[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@tribalfusion[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.atwola.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@ads.pointroll[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@tribalfusion[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brenda\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brenda\Desktop\l2mfix.exe[Process.exe]
Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\Your Account is Suspended For Security Reasons\fufriv.zip[fufriv.doc .pif]
Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\You have successfully updated your password\new-password.zip[new-password.htm .scr]
Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\YOUR ACCOUNT IS SUSPENDED FOR SECURITY REASONS\email-details.zip[email-details.htm .exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\HJT\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\HJT\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-2818146379-640212105-3790383986-1005\Dc1\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\Your Account is Suspended For Security Reasons\fufriv.zip[fufriv.doc .pif]
Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\You have successfully updated your password\new-password.zip[new-password.htm .scr]
Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\YOUR ACCOUNT IS SUSPENDED FOR SECURITY REASONS\email-details.zip[email-details.htm .exe]

Thanks again, gsf

03-20-2006, 09:02 PM	#22 (permalink)
galefly Registered User Join Date: Mar 2006 Posts: 19 OS: XP	Ried, 1.Regedit deletions went ok but the first two seemed identical to me. Am I missing something? 2. The following is the Panda file from 3/16/06 that i failed to post Incident Status Location Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Brenda\Application Data\tvmcwrd.dll Adware:adware/ncase Not disinfected C:\WINDOWS\didduid.ini Adware:adware/sidesearch Not disinfected C:\PROGRAM FILES\Lycos Adware:adware/xupiter Not disinfected C:\Documents and Settings\Brenda\Favorites\Inernet Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@ads.pointroll[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@tribalfusion[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.advertising.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.2o7.net/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.atwola.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\b3d10u8h.default\cookies.txt[] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@ads.pointroll[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@tribalfusion[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brenda\Desktop\l2mfix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brenda\Desktop\l2mfix.exe[Process.exe] Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\Your Account is Suspended For Security Reasons\fufriv.zip[fufriv.doc .pif] Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\You have successfully updated your password\new-password.zip[new-password.htm .scr] Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\YOUR ACCOUNT IS SUSPENDED FOR SECURITY REASONS\email-details.zip[email-details.htm .exe] Potentially unwanted tool:Application/Processor Not disinfected C:\HJT\l2mfix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\HJT\l2mfix.exe[Process.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-2818146379-640212105-3790383986-1005\Dc1\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\Your Account is Suspended For Security Reasons\fufriv.zip[fufriv.doc .pif] Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\You have successfully updated your password\new-password.zip[new-password.htm .scr] Virus:W32/Mytob.FK.worm Not disinfected Personal Folders\Inbox\COMPUTER\YOUR ACCOUNT IS SUSPENDED FOR SECURITY REASONS\email-details.zip[email-details.htm .exe] Thanks again, gsf