And here is the Silent Runner log file (attached) . . .
- Dave
Also, here are a couple of screen shot attachments (this and next post) showing some possible nasty files that keep reappearing after using Pocket Killbox.
- Dave
Here is the other screen shot (attached) .... possible "malfiles". These also seem to keep reappearing after zapping with Pocket KillBox .... I must have something somewhere that reinstalls them, but I don't know enough about how this garbage works to trace it .... :(
- Dave
This is extremely odd:
There are times I absolutely can NOT manually delete the demon file WinSuck.dll from C:/WINDOWS/System32.
Pocket KillBox cannot delete it normally .... it can only do it if you select "Delete on Reboot".
After the system reboots, it is indeed gone from that directory path. HOWEVER, the same identical file is now in the directory C:/!Submit. Interestingly, I can easily delete it from both this directory AND from the Recycle (Trash) Bin.
Of course, it seems that later, for reasons unknown, the file is back in the first above-mentioned directory path.
Everything seems to be in a delete-reappear cycle .... I'm about ready to can the whole thing and reinstall Windows or something.
And, I would love to know the site this rotten garbage came from .... < evil, maniacal laughter >
- Dave
The submit folder is created by killbox and is safe to delete :).
Are there any other users on this computer? It is possible that these same files need to be removed from each user. Log on as Administrator and go through each one. Run Adaware and Spybot S&D on each one also.
Nope .... NO other users on this machine at all.
I went ahead and deleted the !Submit folder using KillBox.
So far, none of the "Demon" files seem to have reappeared.
However, I haven't gotten anywhere with removing the trojans/viruses after the online scan from Trend Micro told me they could not be removed.
I did post that on another thread, since VDr. has another category for them.
- Dave
Do you have Sun Java? If so, go to Control Panel and the java panel. Hit the cache Tab and delete the cache.
What was the full path to the BYTEVER.A files? You should be able to delete them manually.
If you have MS Virtual Machine you should consider getting rid of that and installing Sun Java.
http://java.sun.com/j2se/1.4.2/download.html
Hi, all .....
Thanks for the reply, crunchie. I'm already over an hour late leaving for work, but I'll get back to this after work.
Meanwhile, I ran AVG-av and it deleted three questionable files, but I'm not knowledgeable enough to know if they had anything to do with the trojans/viruses.
I am also in the middle of running the online a-v check from the Trend Micro site again, and so far nothing has shown up. The names under which the trojans/viruses showed up never displayed under Windows Explorer .... perhaps they were linked to other files with other names. At any rate, they appear to be gone now, although the scan isn't quite finished.
More after work, at which time I will try the Sun app.
thanks again,
- Dave
Crunchie and all .....
Well, I got home and the virus scan was finished, with NO viruses reported. That makes NO finds by either AVG-a.v. or by Trend Micro's on-site scanner. :)
However, as you can see from the attached HJT log file, I once again have those @&$%(*$@!! demon files, msxmidi (twice) and soft.exe back on board. :( Something somewhere isn't getting ID'd as a culprit and is reinstalling these little buggers. (I have been avoiding any web sites except for VDr.)
Oh well, you can see I already selected them on the HJT list, and I am about to delete them. We'll see how things go, but I imagine they'll reappear again.
As I said, I will also try that Sun app.
- Dave G.
Attached is a JPG of a screen shot showing the root directory of my C: partition. A lot of those EXE files look a bit suspicious. Anyone see anything that should be "eradicated" ?
thanks,
- Dave