Thread: TFTP
View Single Post
  #7  
Old 01-05-2006, 04:19 AM
Teri
 
Posts: n/a
Default Re: TFTP
I have Adaware and Spybot installed already. My system right now I believe
is clean. Its got something to do with the file attributes. Read only or
Hidden are the only 2 options and neither one is checked on any of these. Is
that correct?
"David H. Lipman" wrote:

> From: "Teri" <Teri@discussions.microsoft.com>
>
> | Don't ask me what I was thinking, I think I was caught up in the System
> | Restore issue.
> |
> | McAfee
> | Scanning C: []
> | C:\q735015.exe\q735015.exe ... Found the StartPage-DU trojan !!!
> | The file or process has been deleted.
> | Scanning C:\*.*
> | C:\Documents and Settings\Terri\Local
> | Settings\Temp\bar.0\MWSSETUP.EXE\000dc980.EXE ... Found potentially unwanted
> | program Adware-MWS.
> | The file or process has been deleted.
> | The archive has been deleted.
> | C:\Recycled\Q330995.exe\Q330995.exe ... Found the StartPage-DU trojan !!!
> | The file or process has been deleted.
> |
> < snip >
>
> >>>> Virus fragment 'W95/Whog-878b' found in file c:\WINDOWS\system32\ActiveScan\pskavs.dll
> | Removal successful
> | Could not open c:\WINDOWS\system32\config\system.LOG
> >>>> Virus 'W32/Codbot-AC' found in file c:\WINDOWS\system32\wuapi.exe
>
> < snip >
>
> Well I see Adware and a startPage Trojan and two true viruses. None of which I see should
> affect Windows Management Instrumentation (WMI) from what I see.
>
> W32/Codbot-AC
> http://www.sophos.com/virusinfo/anal...2codbotac.html
>
> W95/Whog-878b
> http://www.sophos.com/virusinfo/anal...5whog878b.html
>
> StartPage-DU trojan
> http://vil.nai.com/vil/content/v_126244.htm
>
> Since adware was found, I suggest the following...
>
> Please download, install and update the following software...
>
> Ad-aware SE v1.06
> http://www.lavasoft.de/
> http://www.lavasoftusa.com/
>
> SpyBot Search and Destroy v1.4
> http://security.kolla.de/
>
> After the software is updated, I suggest scanning the system in Safe Mode.
>
> I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
> that may be on the PC.
>
> BHODemon
> http://www.definitivesolutions.com/bhodemon.htm
>
> Did you create and try the FixWMI Batch File ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
Reply With Quote