
Help With WIN32.P2P-WORM.ALCAN.A + Onoes.exe

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]

B. Let Spybot Search & Destroy delete everything it finds. I need the log later.

-------------------------

* Download Combofix to your desktop. Double-click combofix.exe. Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finished

I'm sorry for the late reply. Copy and paste the log it produces here. Occasionally a DOS box could face-up to asking your permission in deleting some files inside the temporary Windows directories. Save it in the same folder you made earlier (c:\BFU). Do not do anything with these yet! Reboot your computer into Safe Mode.

The only two I found were: IEXPLORE.EXE-27122324.pf and iexplore.exe.mui. Any suggestions? I do have a question before proceeding with this, because I'm unsure of something. (Don't wanna mess it up.) Quote below on what I have a question about: Copy the file names below I also went into safe mode. To hide them again, just perform the above instructions in the opposite way.

It will last 2-3 hours. Don't want just one file done at restart if I'm supposed to do them all. Many thanks for your time so far, and any additional time you take to respond to my right click on it and click on properties and let us know any information you can find out about it. Follow the numbers. 1 Using Windows XP or ME: turn off System Restore. 2 Make sure you set Windows to see the hidden files and folders. 3 Download and Instructions of

What exactly happens when you try to update ? Double-click on the My Computer icon. From the Menu, click New, then Folder and a folder will appear on your desktop.3.

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item:

Then, please go to Start > My Computer and navigate to the C:\BFU folder.

E. Renaming this little blighter bob and deleting him in safe mode results in him returning undeterred after the next reboot. His modification date is about the same time as I lost

Did this help?

Combofix.txt:
"Owner" - 2007-06-09 8:33:59 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Owner\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\nqstv.bak1
C:\WINDOWS\system32\nqstv.bak2
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.tmp
C:\WINDOWS\system32\nqstv.bak1
C:\WINDOWS\system32\nqstv.bak2
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\vtsqn.dll

* * * POST RUN

it asked if i should delete the whole file or something identical to that.

Code: 5 Run the Killbox o browse the files of every entry into the killbox:
C:\Documents and Settings\Jay MacDonald\Application Data\tlii.exe
C:\Documents and Settings\Jay MacDonald\Local Settings\Temp\p2psetup.exe
C:\I386\MARSHAL.DLL
C:\I386\P2P Networking v126.cpl
C:\I386\P2P Networking.exe

Googling onoes.exe comes up empty and the only problem I have now is that my Task Manager won't work so I am working on reactivating it. I ran Ad-Aware and found the worm, so I checked here and found the other threads. And still don't. (Assuming only files are deleted in it and nothing else.) Not sure about that. Anyways, here is my Ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on:

Accept that some days you are the pigeon and some days the statue.

Post next logs in your following reply:
Log from combofix (combofix.txt) - do NOT post the ComboFix-quarantined-files.txt - unless I ask you to
Log from AVG Antispyware
New HijackThis log

You may need several replies to reboot as you got the last file into the killbox. 6 Disconnect from the Internet. 7 Turn to safe mode. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. DelDomains.inf -> install it to your desktop.

Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo!

Win32.p2p-worm.alcan.a Trojan Virus Trouble
Started by drummboy23, Jun 08 2007 10:43 PM

and have a look for a folder called "complete".


SpybotSD seems to update ok now although I can't be sure running it finds nothing yet. Here is the information that was given to me as a result. Cut and Paste your current copy of HiJackThis.exe into the new Folder that was just created. 5. AVG has no newer updates since 10-02-2006 so that was paranoia on my part.

Have it save a new Logfile. -> Post the Ad Aware SE Logfile -> Post the RTE Logfile -> Post the About:Buster Logfile -> Post the Panda ActiveScan Logfile -> Please In that case, download the script (alcanshorty.bfu) manually from above url (right-click on it and choose 'save as' and save it in your BFU-folder). Temporary Internet Files and Temporary System Files, Cache, History and Prefetch must be cleaned. Click "Yes" at the Delete on Reboot prompt.

Although Process Guard is a very powerful program due to its low-level nature, its intuitive graphical interface actually makes it very easy to use for both novice and advanced users alike. Found 8 worms. I do not recognize anything listed in the log. I have completed all of your instructions. I can't, however, at this time get the Ewido Security Suite link to come up.

Good-Luck,

#6 gpsugy, posted 03 December 2005 - 10:47 AM

hi. Download CWShredder. F. We will fix this in a moment.

I do not know how to delete it, and I'm afraid it might be very serious. I wondered yesterday about that while posting, but it'd been so long since I'd revealed hidden stuff that I couldn't remember where the settings were to show them. I could have sworn