Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

[SOLVED] How to delete items found by ESET scan

This is a discussion on [SOLVED] How to delete items found by ESET scan within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hello, Recently my computer was cleaned by one of the member of the Virus Team of this forum and then


 
 
Thread Tools Search this Thread
Old 06-29-2013, 10:42 PM   #1
Registered Member
 
Join Date: Apr 2013
Posts: 40
OS: Win XP



Hello,
Recently my computer was cleaned by one of the member of the Virus Team of this forum and then I have been religiously scanning the pc with the recommended tools viz., MBAM, ESET Online scan, etc. and taking precautions as necessary.

The recent ESET Online Scan unveiled following -

C:\Documents and Settings\Master User\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab Win32/OpenCandy application
C:\Documents and Settings\Master User\Temporary Internet Files\Content.IE5\1FQ9S3VG\Mipony-Installer[1].exe a variant of Win32/InstallCore.BR application
C:\Documents and Settings\Master User\Temporary Internet Files\Content.IE5\2VH1THER\DownloadManagerSetup[1].exe a variant of Win32/InstallCore.BQ application


I did not tick the checkbox that could have removed the infected files for fear that the scan might wrongly delete a required file. However the scan ran for almost 8 hours and gave me above output, and now I don't want to run the scan again and wait for 8 hours.

I tried looking up the above files, but could not find them (even after enabling show hidden files and folders).

Is there a way to remove these or may be a script that deletes these files ?

Many thanks,
Parin
pgangar is offline  
Sponsored Links
Advertisement
 
Old 06-30-2013, 04:04 PM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello. None of those are serious threats and you can simply ignore them if you like. OpenCandy and InstallCore are targeted due to monetizing features included in the setup files.

The two in Temporary Internet Files can be cleared out using Windows Disk Cleanup (cleanmgr)
Description of the Disk Cleanup Tool in Windows XP

Although, the path shown to your Temporary Internet Files seems non-standard. Default should be
C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\


The file in Real Player's appdata folder, you should be able to manually navigate to and delete, if it still exists.

This batch file should also remove them all

Open NOTEPAD.exe and copy/paste the text in the codebox below into it:
Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Documents and Settings\Master User\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab"
"C:\Documents and Settings\Master User\Temporary Internet Files\Content.IE5\1FQ9S3VG\Mipony-Installer[1].exe"
"C:\Documents and Settings\Master User\Temporary Internet Files\Content.IE5\2VH1THER\DownloadManagerSetup[1].exe"

) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

You should receive a message, "Deleted Successfully !! Press Any Key to Continue..." Please do, and continue on. If not, let me know.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 07-01-2013, 06:14 AM   #3
Registered Member
 
Join Date: Apr 2013
Posts: 40
OS: Win XP



Hello Tetonbob,
Thanks for the script..I was looking just for these. It makes me feel safer when I get the needed assistance and support from Good Samaritans like you...

Warm Regards,
Parin
pgangar is offline  
Sponsored Links
Advertisement
 
Old 07-01-2013, 07:48 AM   #4
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



You're quite welcome, Parin. Take care.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot create shortcuts
Hello, I've been having issues with my computer for a while. It started out with a virus that "scanned" my computer for an infection, and of course my wife hits "OK". I had thought i cleaned that up, then I had the "The FBI has locked your computer" for whatever reason, and I had cleaned that up...
Andy_F Resolved HJT Threads 76 02-19-2013 07:46 PM
Rootkit Issue
I recently downloaded two small utility programs and they both did their job. After I had, my default browser page became isearch.babylon and tried but failed to sort that. Then my superantispyware told me "A serious rootkit was detected on your machine" message and telling me I had to reboot to...
RayCee Resolved HJT Threads 19 10-04-2012 01:27 PM
Google Rediriect
My google searches do not produce results, another google page comes up with a "Goooooooooogle" type banner but still no search results. I ran malwarebytes, spybot, avira, and superantispyware and the problem still exists. I have Microsoft XP Home edition Service Pack 3, i do have a...
rickv123 Resolved HJT Threads 36 09-06-2012 06:33 AM
w32/blaster.worm follow up
My original post was closed due to inactivity. (I borrowed a computer while waiting for info and just procrastinated dealing with this issue) Here is the link to the original post: https://www.techsupportforum.com/forums/f284/w32-blaster-worm-follow-up-613982.html I have downloaded the...
danib.3 Resolved HJT Threads 40 01-04-2012 08:05 AM
Window Recovery Virus
I have control of my computer now but I have lost access to a lot of files. I can't find any system tools, such as system restore in my start menu. They all seem to be hidden. This shows up in my MSCONFIG start Menu "oVlLshwOTG" and I'm sure it is a process stopped by RKill. I have run spybot...
amsron Virus/Trojan/Spyware Help 46 06-04-2011 10:24 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 07:24 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts