-
Nope .... NO other users on this machine at all.
I went ahead and deleted the !Submit folder using KillBox.
So far, none of the "Demon" files seem to have reappeared.
However, I haven't gotten anywhere with removing the trojans/viruses after the online scan from Trend Micro told me they could not be removed.
I did post that on another thread, since VDr. has another category for them.
- Dave
-
Do you have Sun Java? If so, go to Control Panel and the java panel. Hit the cache Tab and delete the cache.
What was the full path to the BYTEVER.A files? You should be able to delete them manually.
If you have MS Virtual Machine you should consider getting rid of that and installing Sun Java.
http://java.sun.com/j2se/1.4.2/download.html
-
Hi, all .....
Thanks for the reply, crunchie. I'm already over an hour late leaving for work, but I'll get back to this after work.
Meanwhile, I ran AVG-av and it deleted three questionable files, but I'm not knowledgeable enough to know if they had anything to do with the trojans/viruses.
I am also in the middle of running the online a-v check from the Trend Micro site again, and so far nothing has shown up. The names under which the trojans/viruses showed up never displayed under Windows Explorer .... perhaps they were linked to other files with other names. At any rate, they appear to be gone now, although the scan isn't quite finished.
More after work, at which time I will try the Sun app.
thanks again,
- Dave
-
Crunchie and all .....
Well, I got home and the virus scan was finished, with NO viruses reported. That makes NO finds by either AVG-a.v. or by Trend Micro's on-site scanner. :)
However, as you can see from the attached HJT log file, I once again have those @&$%(*$@!! demon files, msxmidi (twice) and soft.exe back on board. :( Something somewhere isn't getting ID'd as a culprit and is reinstalling these little buggers. (I have been avoiding any web sites except for VDr.)
Oh well, you can see I already selected them on the HJT list, and I am about to delete them. We'll see how things go, but I imagine they'll reappear again.
As I said, I will also try that Sun app.
- Dave G.
-
Attached is a JPG of a screen shot showing the root directory of my C: partition. A lot of those EXE files look a bit suspicious. Anyone see anything that should be "eradicated" ?
thanks,
- Dave
-
I ran a google on web.exe and it came up with the W32.Gokar.A@mm worm. http://[email protected]
Follow the instructions there first. All those other random named files are extremely suspect also. Did you run CWShredder earlier? msxmidi comes up as a CWS infection.
Can you zip up those random named files and email them to opera.fan.1ATgmail.com replacing AT with @ :).
-
Crunchie,
The worm you previously mentioned did not come up in a scan.
Interestingly, the "suspect files" we have discussed were apparently deleted from an earlier scan, and I do not see them being "reinstalled" any more. Apparently my utilities finally nailed it, whatever it was.
My antivirus detected and healed some found items while I was away, but I did not see a reference as to what it was.
I am not getting any adverse results from any scans, so for now, I guess I will consider things as 'back to normal'.
I assume nothing .... and I will continue regular scans (antivirus, HJT etc.), and will keep an eye out for any anomalies reported in scans from a.v. and utilities.
Thank you again for all your help .....
cautiously,
- Dave G.
-
I will take it as good news :D. Looking forward to not hearing from you in the near future :D.
You are welcome too.