How to remove the viruses detected from McAfee free scan?

lamfeng · 09-29-2006, 11:15 AM

Hi,
Following the advice in the forum, i ran a McAfee free scan and discovered i had a handful of files detected. I was wondering if it was ok to follow the link provided and delete it directly....
here is a sample of the things detected:

C:\Documents and Settings\...\Cache\DD0DA363d01 PrcViewer
C:\Documents and Settings\...\a01[1].jpg Downloader-GG!chm
C:\Documents and Settings\...\a01[1].jpg Downloader-GG!chm
C:\...\GameSpy Arcade Help.url Adware-Url.gen
C:\...\GameSpy Arcade Website.url Adware-GameSpyArcade.url
C:\Documents and Settings\...\apps\Process.exe PrcViewer

Ried · 09-29-2006, 11:29 AM

lamfeng...is this for the same PC you and I have been working so hard on?

**POADB** · 09-29-2006, 11:30 AM

Those results aren't very clear.

If this is the same computer Ried is assiting you with, I would advise to continue working with her.

Ried has invested a lot of time and effort so far into helping you, and her expert advice will benefit you greatly.

Regards

POADB

lamfeng · 09-29-2006, 10:05 PM

yes yes!! its me!
I thought i'd take the initiative and follow the instructions listed in the general security thread to try and clean up my computer at the same time....
no worries i'll wait for the next instructions from Ried!

Ried · 09-29-2006, 10:54 PM

Hi lamfeng,

I posted instructions a couple days ago--click this link

lamfeng · 10-01-2006, 12:17 AM

Hi Reid,

Thanks for the reply...heres the report from the scan:

Incident Status Location

Spyware:spyware/virtumonde Not disinfected C:\WINDOWS\System32\wincoreak.dll
Adware:adware/look2me Not disinfected c:\windows\system32\ffInst.exe
Adware:adware/elitebar Not disinfected c:\windows\downloaded program files\OSDEB.OSD
Adware:adware/ipinsight Not disinfected c:\windows\inf\conscorr.inf
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Adware:adware/wupd Not disinfected c:\program files\Windows ControlAd
Adware:adware/cws Not disinfected C:\Documents and Settings\ocean\Favorites\Health
Adware:adware/iemenuextension Not disinfected Windows Registry
Adware:adware/bdsearch Not disinfected Windows Registry
Adware:adware/searchrelevancy Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.com.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@belnk[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@com[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@ct.360i[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@dist.belnk[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@i.screensavers[2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@teensforcash[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ocean\Local Settings\Temp\Cookies\ocean@com[1].txt
Virus:Trj/Keylog.DX Disinfected C:\Documents and Settings\ocean\Local Settings\Temporary Internet Files\Content.IE5\492F4TEN\a01[1].jpg
Virus:Trj/Keylog.DX Disinfected C:\Documents and Settings\ocean\Local Settings\Temporary Internet Files\Content.IE5\54CRD541\a01[1].jpg
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ocean\桌面\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ocean\桌面\SDFix\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ocean\桌面\SDFix.zip[SDFix/apps/Process.exe]
Adware:Adware/Lop Not disinfected C:\Program Files\Adverts\uninst.exe
Adware:Adware/WUpd Not disinfected C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
Adware:Adware/WUpd Not disinfected C:\Program Files\Windows ServeAd\WinAtServ.dll
Adware:Adware/WUpd Not disinfected C:\Program Files\Windows ServeAd\WinServSuit.exe
Adware:Adware/EliteBar Not disinfected C:\upgradetb093.exe
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Config\loud.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\akcore.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\aotxprxy.dll
Spyware:Cookie/TopRebates.com Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@www.toprebates[2].txt
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6XQRW1U3\fav[1].bmp
Adware:Adware/WUpd Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\85QBCTIV\loud[1].htm
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\hrns0557e.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\i0jq0a15ed.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\ktnml7511.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\l84qlih5184.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\mdrating.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\oqbc32gt.dll

**POADB** · 10-01-2006, 02:36 AM

Iamfeng

Please continue working in your original thread here:

http://www.techsupportforum.com/show...5&postcount=22

It keeps everything organised.

Ried · 10-01-2006, 11:43 AM

Closing this thread to avoid confusion.

09-29-2006, 11:15 AM	#1 (permalink)
lamfeng Registered User Join Date: Sep 2006 Posts: 16 OS: XP	How to remove the viruses detected from McAfee free scan? Hi, Following the advice in the forum, i ran a McAfee free scan and discovered i had a handful of files detected. I was wondering if it was ok to follow the link provided and delete it directly.... here is a sample of the things detected: C:\Documents and Settings\...\Cache\DD0DA363d01 PrcViewer C:\Documents and Settings\...\a01[1].jpg Downloader-GG!chm C:\Documents and Settings\...\a01[1].jpg Downloader-GG!chm C:\...\GameSpy Arcade Help.url Adware-Url.gen C:\...\GameSpy Arcade Website.url Adware-GameSpyArcade.url C:\Documents and Settings\...\apps\Process.exe PrcViewer

09-29-2006, 11:29 AM	#2 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,522 OS: WinXP and Vista	lamfeng...is this for the same PC you and I have been working so hard on? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

09-29-2006, 11:30 AM	#3 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,481 OS: XP SP2	Those results aren't very clear. If this is the same computer Ried is assiting you with, I would advise to continue working with her. Ried has invested a lot of time and effort so far into helping you, and her expert advice will benefit you greatly. Regards POADB __________________ Last edited by POADB; 09-29-2006 at 11:39 AM.

09-29-2006, 10:54 PM	#5 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,522 OS: WinXP and Vista	Hi lamfeng, I posted instructions a couple days ago--click this link __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-01-2006, 02:36 AM	#7 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,481 OS: XP SP2	Iamfeng Please continue working in your original thread here: http://www.techsupportforum.com/show...5&postcount=22 It keeps everything organised. __________________

09-29-2006, 10:05 PM	#4 (permalink)
lamfeng Registered User Join Date: Sep 2006 Posts: 16 OS: XP	yes yes!! its me! I thought i'd take the initiative and follow the instructions listed in the general security thread to try and clean up my computer at the same time.... no worries i'll wait for the next instructions from Ried!

10-01-2006, 12:17 AM	#6 (permalink)
lamfeng Registered User Join Date: Sep 2006 Posts: 16 OS: XP	Hi Reid, Thanks for the reply...heres the report from the scan: Incident Status Location Spyware:spyware/virtumonde Not disinfected C:\WINDOWS\System32\wincoreak.dll Adware:adware/look2me Not disinfected c:\windows\system32\ffInst.exe Adware:adware/elitebar Not disinfected c:\windows\downloaded program files\OSDEB.OSD Adware:adware/ipinsight Not disinfected c:\windows\inf\conscorr.inf Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys Adware:adware/wupd Not disinfected c:\program files\Windows ControlAd Adware:adware/cws Not disinfected C:\Documents and Settings\ocean\Favorites\Health Adware:adware/iemenuextension Not disinfected Windows Registry Adware:adware/bdsearch Not disinfected Windows Registry Adware:adware/searchrelevancy Not disinfected Windows Registry Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76} Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM Adware:adware/dyfuca Not disinfected Windows Registry Adware:adware/ist.istbar Not disinfected Windows Registry Adware:adware/ncase Not disinfected Windows Registry Adware:adware/ist.sidefind Not disinfected Windows Registry Adware:adware/sqwire Not disinfected Windows Registry Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.com.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.tucows.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.atdmt.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.burstnet.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\biyti8gs.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@belnk[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@com[2].txt Spyware:Cookie/360i Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@ct.360i[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@dist.belnk[2].txt Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@i.screensavers[2].txt Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@teensforcash[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ocean\Local Settings\Temp\Cookies\ocean@com[1].txt Virus:Trj/Keylog.DX Disinfected C:\Documents and Settings\ocean\Local Settings\Temporary Internet Files\Content.IE5\492F4TEN\a01[1].jpg Virus:Trj/Keylog.DX Disinfected C:\Documents and Settings\ocean\Local Settings\Temporary Internet Files\Content.IE5\54CRD541\a01[1].jpg Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ocean\桌面\SDFix\apps\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ocean\桌面\SDFix\SDFix\apps\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ocean\桌面\SDFix.zip[SDFix/apps/Process.exe] Adware:Adware/Lop Not disinfected C:\Program Files\Adverts\uninst.exe Adware:Adware/WUpd Not disinfected C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe Adware:Adware/WUpd Not disinfected C:\Program Files\Windows ServeAd\WinAtServ.dll Adware:Adware/WUpd Not disinfected C:\Program Files\Windows ServeAd\WinServSuit.exe Adware:Adware/EliteBar Not disinfected C:\upgradetb093.exe Adware:Adware/WUpd Not disinfected C:\WINDOWS\Config\loud.exe Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\akcore.dll Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\aotxprxy.dll Spyware:Cookie/TopRebates.com Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@www.toprebates[2].txt Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6XQRW1U3\fav[1].bmp Adware:Adware/WUpd Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\85QBCTIV\loud[1].htm Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\hrns0557e.dll Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\i0jq0a15ed.dll Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\ktnml7511.dll Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\l84qlih5184.dll Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\mdrating.dll Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\oqbc32gt.dll

10-01-2006, 11:43 AM	#8 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,522 OS: WinXP and Vista	Closing this thread to avoid confusion. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."