Tech Support Forum - View Single Post - hard drive always active, strange things..

Hustler24 · 07-26-2006, 10:29 AM

SAFE MODE

Reboot into Safe Mode as described earlier.

--------------

UNREGISTER DLL

Go to Start > Run

Type regsvr32 /u occache.dll and press Enter.

---------------

DELETE FILES

The Avenger is a very powerful tool which should not be used generally. You no longer need it and so you should delete it. You also do not need VirtumundoBeGone. Please delete the following files/folders:

C:\Filexxx.txt < Where xxx are numbers
C:\WINDOWS\Downloaded Program Files\MediaAccX.dll
C:\avenger
C:\Documents and Settings\Scott\Desktop\VirtumundoBeGone.exe

----------------

RE-REGISTER DLL

Go to Start > Run

Type regsvr32 occache.dll

-----------------

Reboot into Normal mode

------------------

UPDATE JAVA AND CLEAR CACHE

Updating Java and Clearing Cache

Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
If it is not visible, click on 'Switch to Classic View' in the left pane of the Control Panel or 'Other Control Panel Options'
Please find the Update button or tab in the Java Control Panel. Update your Java then reboot.
If you are unable to update you can manually update by going here:
- http://www.java.com/en/download/manual.jsp
After the reboot, go back into the Control Panel and double-click the Java Icon.
Under the Advanced Tab, click <Applet> tag support and select the browser(s) you are using.
Under "Temporary Internet Files", click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
- Downloaded Applications
- Other Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

-------------------

ONLINE SCAN

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------

Post the Kaspersky log and a new HJT log.

How is the system performing now?

07-26-2006, 10:29 AM	#5 (permalink)
Hustler24 Analyst, Security Team Join Date: Mar 2005 Posts: 890 OS: Windows XP Home	SAFE MODE Reboot into Safe Mode as described earlier. -------------- UNREGISTER DLL Go to Start > Run Type regsvr32 /u occache.dll and press Enter. --------------- DELETE FILES The Avenger is a very powerful tool which should not be used generally. You no longer need it and so you should delete it. You also do not need VirtumundoBeGone. Please delete the following files/folders: C:\Filexxx.txt < Where xxx are numbers C:\WINDOWS\Downloaded Program Files\MediaAccX.dll C:\avenger C:\Documents and Settings\Scott\Desktop\VirtumundoBeGone.exe ---------------- RE-REGISTER DLL Go to Start > Run Type regsvr32 occache.dll ----------------- Reboot into Normal mode ------------------ UPDATE JAVA AND CLEAR CACHE Updating Java and Clearing Cache Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel. It will say *"Java Plug-in"* under the icon. If it is not visible, click on *'Switch to Classic View'* in the left pane of the Control Panel or *'Other Control Panel Options'* Please find the Update button or tab in the Java Control Panel. Update your Java then reboot. If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp After the reboot, go back into the Control Panel and double-click the Java Icon. Under the Advanced Tab, click <Applet> tag support and select the browser(s) you are using. Under "Temporary Internet Files", click the Delete Files button. There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel. ------------------- ONLINE SCAN Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan -------------------- Post the Kaspersky log and a new HJT log. How is the system performing now? __________________ Last edited by Hustler24; 07-26-2006 at 10:32 AM.