November 18, 2017, 01:56:00 PM
Author Topic: I think I have an unknown virus...  (Read 5111 times)
antimatter
Experienced Member
****
Posts: 2845

« on: July 02, 2007, 11:51:21 AM »

It's called $McRebootA5E6DEAA56$

I found it in system startup.

This is the link from common startup:

%windir%\system32\cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk"


This has not come at a good time..

I've looked this up, hopeless.. On www.live.com 1 result comes up.

HELP! PLEASE! PLEASE HELP!

Organisation européenne pour la recherche nucléaire
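
Added example, not part of the original thread: Python that classifies a Startup-folder shortcut by what its command line does, run on the shortcut name and command quoted in the post above. The label names, the `C:\WINDOWS` value used for `%windir%` and the two comparison inputs are assumptions made for this example.

```python
import ntpath
import re

CMD_RE = re.compile(r'^(?P<exe>"[^"]+"|\S+)\s+/c\s+(?P<rest>.+)$', re.I)
DEL_RE = re.compile(r'^(?:del|erase)\s+(?:/[a-z]\s+)*"?(?P<target>[^"]+?)"?\s*$', re.I)

def norm(path, env):
    """Expand %VAR% from env, then normalise case and separators Windows-style."""
    path = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normcase(ntpath.normpath(path))

def classify(shortcut_path, command, env=None):
    """Return a triage label for one Startup-folder shortcut command line."""
    env = env or {"windir": r"C:\WINDOWS"}  # assumed value for this example
    m = CMD_RE.match(command.strip())
    if not m or norm(m["exe"].strip('"'), env) != norm(r"%windir%\system32\cmd.exe", env):
        return "launches-program"      # not a cmd.exe /c wrapper at all
    rest = m["rest"]
    # Operators outside quotes mean cmd.exe runs more than the single del.
    if re.search(r"[&|<>^]", re.sub(r'"[^"]*"', "", rest)):
        return "shell-chain"
    d = DEL_RE.match(rest)
    if not d:
        return "shell-command"         # cmd.exe /c running something other than del
    if norm(d["target"], env) == norm(shortcut_path, env):
        return "self-delete"           # the only action is removing this shortcut
    return "deletes-other-file"

# Sample input: the shortcut name and command quoted in the post above.
STARTUP = r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
LNK = STARTUP + r"\$McRebootA5E6DEAA56$.lnk"
POSTED = r'%windir%\system32\cmd.exe /c del "' + LNK + '"'
# Comparison inputs constructed for this example.
CHAINED = POSTED + r' & "C:\Example\other.exe"'
PLAIN = r"C:\Program Files\SetPoint\SetPoint.exe"

if __name__ == "__main__":
    for label, cmd in [("posted", POSTED), ("chained", CHAINED), ("plain", PLAIN)]:
        print(f"{label:8} -> {classify(LNK, cmd)}")
```

A `self-delete` result only describes the command line of the shortcut; it says nothing about which program created the shortcut.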

wide_load
Experienced Member
****
Posts: 3573

« Reply #1 on: July 02, 2007, 12:40:51 PM »

seems to be related to a program called "SUPER anti spyware"

what you saw was most likely to be the program that was designed to install this on next boot without you knowing...

also possible that it's something to do with adobe...

download hijackthis and post your log file here

Mike
Global Moderators
Experienced Member
*****
Posts: 1921

« Reply #2 on: July 02, 2007, 08:41:05 PM »

www.live.com includes 2 results for me...
Check out the Safer Networking Forums...

It says this file/program is involved "Adobe Gamma Loader.exe"
..so like wide_load said, it's got something to do with Adobe.

Click here to download HijackThis.exe

antimatter
Experienced Member
****
Posts: 2845

« Reply #3 on: July 02, 2007, 09:39:00 PM »

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\IBserver\mysql\bin\mysqld-opt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Gareth Blake Hall\Desktop\HijackThis.exe

Organisation européenne pour la recherche nucléaire

wide_load
Experienced Member
****
Posts: 3573

« Reply #4 on: July 02, 2007, 09:54:25 PM »

hmmm so you don't have Adobe Gamma Loader running do you?

could be using the same name

probably a browser hijacker thingy

can you post the full log? I know it'll be LONG ...

XYLEM
Administrator
Experienced Member
*****
Posts: 7440

« Reply #5 on: July 02, 2007, 10:04:57 PM »

Try a scan with f-prot ..

noobos
Global Moderators
Experienced Member
*****
Posts: 3671

« Reply #6 on: July 03, 2007, 12:33:35 AM »

try this way...
1) download http://www.thespykiller.co.uk/files/killbox.exe
2) Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

3) Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines
Code:
O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe

 then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START > RUN > type in %temp% > OK
> Edit > Select all
> File > Delete

4) Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin

Please give feedback on what worked/didn’t work and the current status of your system...

by the way, do you have any problem on regedit or anything like that?

DLEStarter | Noobos Blog | SBPS | REC

« 50Webs Support Volunteer  »
antimatter
Experienced Member
****
Posts: 2845

« Reply #7 on: July 04, 2007, 12:14:10 PM »

Well I upgraded to Vista two days ago (Tuesday) and I think it is gone...

But thanks all for your help..

Btw can someone post me a screenshot of what Bluetooth devices look like in Vista?

This is what I get:


Bluetooth devices do work though (this keyboard is Bluetooth and so is my mouse), however I cannot edit settings and it looks like XP inside, how odd?

Is there not somewhere where I can get an update?

Btw my hardware is some external USB Bluetooth thingy that came with my Dell PC

Organisation européenne pour la recherche nucléaire

freshwire
Global Moderators
Experienced Member
*****
Posts: 6072

« Reply #8 on: July 04, 2007, 04:38:16 PM »

The reason it looks like XP might be because the Bluetooth places is part external software, dunno

Jonathan | 50Webs Support Volunteer
antimatter
Experienced Member
****
Posts: 2845

« Reply #9 on: July 05, 2007, 01:42:35 PM »

Well does anyone know how to fix it? I basically can't change anything.

Organisation européenne pour la recherche nucléaire

Mike
Global Moderators
Experienced Member
*****
Posts: 1921

« Reply #10 on: July 05, 2007, 05:59:17 PM »

Quote from: "GBHall"
Well does anyone know how to fix it? I basically can't change anything.


Just my suggestion, but have you considered contacting Dell tech support? They're supposed to help with ANY problem, large or small, pertaining to your Dell system.

freshwire
Global Moderators
Experienced Member
*****
Posts: 6072

« Reply #11 on: July 05, 2007, 08:22:37 PM »

depends all on your device and the software (if any) provided with it.

just saying the word "bluetooth" doesn't help us help you

Jonathan | 50Webs Support Volunteer
noobos
Global Moderators
Experienced Member
*****
Posts: 3671

« Reply #12 on: July 05, 2007, 10:07:26 PM »

there are 2 ways to fix it.
1) Download the Bluetooth driver package from your hardware manufacturer's website.
2) Ask Dell, but if the Bluetooth hardware is not shipped with Dell, then do #1 because Dell don't give a damn...

DLEStarter | Noobos Blog | SBPS | REC

« 50Webs Support Volunteer  »
jackmarco
Noobie
*
Posts: 5

« Reply #13 on: April 20, 2017, 01:47:19 AM »

Try an anti-virus software like Kaspersky.