It also makes it easier to search for specialized tools to get rid of the trojan horse/virus. Regards,JasonSimple and easy ways to keep your computer safe and secure on the InternetIf I am helping you and have not returned in 48 hours, please feel free to send me Delete: Remove in-use files! · actions · 2005-Jan-7 11:44 am · tempnexusPremium Memberjoin:1999-08-11Boston, MA tempnexus Premium Member 2005-Jan-7 11:47 am Had the same problem when the new CWS was installed. mfdnsc do you have any confidence in mypctuneup.

Logfile of HijackThis v1.99.1 Scan saved at 10:50:58 AM, on 6/25/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe

SpyBot caught some virus a couple of days ago and I'm still trying to clean up my machine (Dell Dimension 8400).

I've also tried several different anti-virus programs that never seem to find it. Unfortunately when I went to post the results from the scan the document is so large that it wont fit on this page.

Press the Scan button. The only problem I have now is that when my desktop comes up there is always a message box with a runner error that says: "Invalid Backweb application id"1940576"".

C:\WINDOWS\system32\ierur.exe (Access was denied) C:\WINDOWS\system32\??chost.exe (nothing was found) C:\Program Files\apsi (nothing was found) Also in the System Startup Service I was not able to click onto any stop button. Make a note of the file location of anything that cannot be deleted so you can delete it yourself. - Save the results from the scan!

Run Firefox which does not run Active X controls. 2) Do NOT click on ANYTHING you didn't explicitly ask for from a Web site.

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Startup: Bux.to Autoclicker.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Digital Line Detect.lnk Please copy and paste the log in your next reply. Discussions cover Windows 2003 Server, Windows installation, adding and removing programs, driver problems, crashes, upgrading, and other OS-related questions.Real-Time ActivityMy Tracked DiscussionsFAQsPoliciesModerators General discussion Trojan Agent won't go away! You will do that later in safe mode.

No matter how careful you are, there is always a chance that your computer gets infected with a virus that just won't go away.

I'm not suggesting switching to Linux...but there are linux based tools that may be able to help.

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll O2 - BHO: (no name)

Read more. Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 jntkwx jntkwx Malware Response Team 4,339 posts OFFLINE Gender:Male Location:New England, U.S.A. So i put the hard drive in mine , the virus jumped over to my hard drive and I ended up formatting both and reinstalling . Please try again now or at a later time.

Stay Away From These 2 Features Khamosh Pathak You Won't Find These Exclusive Linux Apps on Windows Linux You Won't Find These Exclusive Linux Apps on Windows Bertel King, Jr. only upgraded graphics card because amd gpu died. I didn't seem to get a notification email that you replied. Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5

Press the button.Review the list of what to clear. If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. There are about 4 pages of items that have "no disinfect" as the status. Trojan.win32.obfuscated.qx won't go away.please help:) [RESOLVED] Started by smileeface , Mar 24 2008 09:15 AM This topic is locked #1 smileeface Posted 24 March 2008 - 09:15 AM smileeface New Member

I ran the ActiveScan and saved the results. In the "Paste Full Path of File to Delete" box, copy and paste the following: C:\WINDOWS\system32\ierur.exe Now put a tick by Delete on reboot.

I have been using Malwarebytes which has cleaned up most of the junk except for something int he registry that keep reappearing, mainly:HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftWindows\CurrentVersion\Run kupewoseweMalwarebytes deletes it but it keeps coming back. My system restore unfortunately doesn't go back far enough to before I installed it, so there's nothing I can do there.

then post HJT log maybe it will offer more cluesCudni · actions · 2005-Jan-7 11:44 am · John2gQui Tacet ConsentitPremium Memberjoin:2001-08-10England John2g to SweetLD215 Premium Member 2005-Jan-7 11:44 am to SweetLD215Go My system restore unfortunately doesn't go back far enough to before I installed it, so there's nothing I can do there. Since most viruses don't infect pure "data" files, it's always best to completely separate your data files from your C: drive, so that your backup is less likely to have infected Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://schu1.experian.com/vdesk/terminal/urxvpn.cab#version=5200,0,40910,1 O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://schu1.experian.com/vdesk/terminal/urTermProxy.cab#version=5200,0,40915,1 O16 - Please help me..https://forums.malwarebytes.com/topic/104532-stdrtexe-trojanvirus-wont-go-away-please-help-me/ I thought you might be interested in looking at stdrt.exe trojan/virus won't go away! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe Display as a link instead × Your previous content has been restored.

