WiredWX Hobby Weather Tools

 


Spyware 2009/BankerFox.A/Win32

2 posters

Re: Spyware 2009/BankerFox.A/Win32
Hello.
That's attach.txt, I also need to see DDS.txt, so please post that too.
Please leave attach.txt there, because there are a few things that need to be removed from the log.

Re: Spyware 2009/BankerFox.A/Win32
DDS (Ver_09-02-01.01) - NTFSx86
Run by Rachel at 14:27:18.76 on Fri 02/27/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.450 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\X3watch\x3watch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdwareFilter\adwarefilter.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Rachel\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uStart Page = hxxp://comcast.net/
mURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.8.0\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} - c:\windows\system32\iehelper.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\CMPDPSRV.EXE
mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [x3watch] c:\program files\x3watch\x3watch.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.6.0_05\bin\jusched.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adware~1.lnk - c:\program files\adwarefilter\adwarefilter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\office2k\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-5 213640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-26 206096]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-5 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-5 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-5 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-5 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-5 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-5 40552]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-28 24652]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-5 34216]

=============== Created Last 30 ================

2009-02-27 10:47 10,240 a------- c:\windows\system32\iehelper.dll
2009-02-26 15:26 --d-h--- c:\windows\PIF
2009-02-21 18:07 16,896 a------- c:\windows\svcho.exe
2009-02-21 18:07 16,896 a------- c:\windows\syssvc.exe
2009-02-21 16:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-21 16:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-21 16:34 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 16:34 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-21 14:41 --d----- c:\program files\XPPoliceAntivirus
2009-02-21 14:40 21,446 a------- c:\windows\system32\sf.ico
2009-02-21 14:40 13,942 a------- c:\windows\system32\m3.ico
2009-02-21 14:40 13,942 a------- c:\windows\system32\c.ico
2009-02-21 14:40 11,062 a------- c:\windows\system32\p.ico
2009-02-21 14:40 7,662 a------- c:\windows\system32\m.ico
2009-02-21 14:40 4,286 a------- c:\windows\system32\s.ico
2009-02-21 14:40 364,044 a------- c:\windows\sysguard.exe
2009-02-09 16:20 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-09 16:20 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-02-27 10:51 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2009-02-25 21:40 29,542 a------- c:\docume~1\rachel\applic~1\wklnhst.dat
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-09 12:03 213,640 a------- c:\windows\system32\drivers\mfehidk.sys
2009-01-09 12:03 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-01-09 12:03 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-01-09 12:03 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-01-09 12:03 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-01-02 12:16 193,948 a------- c:\windows\system32\rn.tmp
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2007-02-27 15:30 87,720 a------- c:\docume~1\rachel\applic~1\GDIPFONTCACHEV1.DAT
2006-02-24 10:38 342,716 a--sh--- c:\windows\system32\aybeg.bak1
2006-03-01 20:36 559,030 a--sh--- c:\windows\system32\aybeg.bak2
2006-03-01 20:52 558,910 a--sh--- c:\windows\system32\aybeg.ini2
2008-08-20 09:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 14:28:34.96 ===============

Re: Spyware 2009/BankerFox.A/Win32
Question: I ran this from another user on our home computer because the pop ups don't come up when logged in to this username. Do I need to run this from the user that's having all the pop ups? I guess I figured the infected files would be shared amongst users...so it wouldn't matter which username I logged in under.

Re: Spyware 2009/BankerFox.A/Win32
Hello. So two user accounts are infected? I see one account called "Rachel", what's the other user account called?

The DDS log was taken from Rachel, so run this on the Rachel account.

Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\program files\XPPoliceAntivirus
    c:\windows\system32\sf.ico
    c:\windows\system32\m3.ico
    c:\windows\system32\c.ico
    c:\windows\system32\p.ico
    c:\windows\system32\m.ico
    c:\windows\system32\s.ico
    c:\windows\sysguard.exe
    c:\windows\svcho.exe
    c:\windows\syssvc.exe
    c:\windows\system32\iehelper.dll
    c:\windows\system32\rn.tmp
    c:\windows\system32\aybeg.bak1
    c:\windows\system32\aybeg.bak2
    c:\windows\system32\aybeg.ini2
    c:\program files\mywaysa

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75}]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.
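
The kind of triage that leads from a DDS log to a removal list like the one above, as an added example that is not part of the original posts or of DDS/OTMoveIt3. It parses lines excerpted from the log in this thread; the function name `triage` and the three flagging rules are illustrative assumptions, not the helper's stated method.

```python
import re
from pathlib import PureWindowsPath

# Lines excerpted from the DDS log posted in this thread (not the whole log).
DDS_EXCERPT = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NoExplorer - No File
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\deSrcAs.dll
BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} - c:\windows\system32\iehelper.dll
2009-02-27 10:47 10,240 a------- c:\windows\system32\iehelper.dll
2009-02-26 15:26 --d-h--- c:\windows\PIF
2009-02-21 18:07 16,896 a------- c:\windows\svcho.exe
2009-02-21 16:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-21 14:40 364,044 a------- c:\windows\sysguard.exe
"""

# "BHO: <name>: {CLSID} - <dll path>" from the Pseudo HJT Report section.
BHO_RE = re.compile(r"^BHO: (?P<name>.*?): (?P<clsid>\{[0-9a-fA-F-]{36}\}) - (?P<path>.+)$")
# "BHO: <name> - No File": a registration whose DLL is missing.
ORPHAN_RE = re.compile(r"^BHO: (?P<name>.+) - No File$")
# "date time [size] attributes path" from the "Created Last 30" section.
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d\s+\d\d:\d\d\s+(?:[\d,]+\s+)?[a-z-]{8}\s+(?P<path>.+)$")


def triage(log_text):
    """Return sorted (reason, item) findings; the rules are illustrative heuristics."""
    bhos, recent, findings = [], set(), set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            path = PureWindowsPath(m["path"].lower())
            recent.add(str(path))
            # Rule 1: a new .exe sitting directly in the Windows directory.
            if path.suffix == ".exe" and str(path.parent) == r"c:\windows":
                findings.add(("new exe in windows root", str(path)))
        elif m := ORPHAN_RE.match(line):
            findings.add(("BHO registered without a file", m["name"]))
        elif m := BHO_RE.match(line):
            bhos.append((m["name"].strip(), m["clsid"].lower(), m["path"].lower()))
    for name, clsid, path in bhos:
        # Rule 2: a browser helper object with no name or only a placeholder name.
        if name in ("", "BHO"):
            findings.add(("BHO with blank or placeholder name", clsid))
        # Rule 3: the helper DLL also appears among the recently created files.
        if path in recent:
            findings.add(("BHO DLL created in last 30 days", path))
    return sorted(findings)


if __name__ == "__main__":
    for reason, item in triage(DDS_EXCERPT):
        print(f"{reason}: {item}")
```

Legitimate software can trip any of these rules, so the findings are leads for a reviewer to confirm, not a removal list by themselves.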

Re: Spyware 2009/BankerFox.A/Win32

The spyware 2009, xp police, and all the pop-ups are coming under the user name "Kim".

Re: Spyware 2009/BankerFox.A/Win32

Every time I try to run the links you originally gave me under "kim", Windows blocks it from running..even with McAfee completely disabled..so I tried under the username "rachel" and it worked..so that's what I sent you.

Re: Spyware 2009/BankerFox.A/Win32

Ah.
Okay, we'll clean that too, but run the OTMoveIt script on Rachel, because there are signs of malware on that account and the Rachel account doesn't seem to be too bad.

Once the OTMoveIt result is done, log off Rachel and log on to Kim and we'll see what we can do about that.

Re: Spyware 2009/BankerFox.A/Win32
========== FILES ==========
c:\program files\XPPoliceAntivirus\sounds moved successfully.
c:\program files\XPPoliceAntivirus\plugins moved successfully.
c:\program files\XPPoliceAntivirus moved successfully.
c:\windows\system32\sf.ico moved successfully.
c:\windows\system32\m3.ico moved successfully.
c:\windows\system32\c.ico moved successfully.
c:\windows\system32\p.ico moved successfully.
c:\windows\system32\m.ico moved successfully.
c:\windows\system32\s.ico moved successfully.
c:\windows\sysguard.exe moved successfully.
c:\windows\svcho.exe moved successfully.
c:\windows\syssvc.exe moved successfully.
c:\windows\system32\iehelper.dll unregistered successfully.
c:\windows\system32\iehelper.dll moved successfully.
c:\windows\system32\rn.tmp moved successfully.
c:\windows\system32\aybeg.bak1 moved successfully.
c:\windows\system32\aybeg.bak2 moved successfully.
c:\windows\system32\aybeg.ini2 moved successfully.
c:\program files\MyWaySA\SrchAsDe moved successfully.
c:\program files\MyWaySA moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75}\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_145610
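
A check that every item the fix script asked for is accounted for in the result log, as an added example that is not part of the original posts or of OTMoveIt3. The script and log text are abridged from this thread; the function names and the `NO RESULT LINE` marker are assumptions made for the example.

```python
import re

# Abridged from the fix script posted in this thread.
SCRIPT = r"""
:files
c:\program files\XPPoliceAntivirus
c:\windows\sysguard.exe
c:\windows\system32\iehelper.dll
c:\program files\mywaysa

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75}]
"""

# Abridged from the OTMoveIt3 result log posted in this thread.
RESULTS = r"""
========== FILES ==========
c:\program files\XPPoliceAntivirus\sounds moved successfully.
c:\program files\XPPoliceAntivirus moved successfully.
c:\windows\sysguard.exe moved successfully.
c:\windows\system32\iehelper.dll unregistered successfully.
c:\windows\system32\iehelper.dll moved successfully.
c:\program files\MyWaySA moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75}\\ deleted successfully.
"""

# "<item> <status>." with an optional "Registry key " prefix and trailing backslashes.
RESULT_RE = re.compile(
    r"^(?:Registry key )?(?P<item>.+?)\\*\s+"
    r"(?P<status>moved successfully|deleted successfully|not found)\.$")


def parse_script(script):
    """Split a script into {'files': [...], 'reg': [...]}, items lower-cased."""
    section, items = None, {"files": [], "reg": []}
    for line in script.splitlines():
        line = line.strip()
        if line.lower() in (":files", ":reg"):
            section = line[1:].lower()
        elif line and section:
            # ":reg" deletions are written as [-KEY]; keep only KEY.
            items[section].append(line.strip("[]").lstrip("-").lower())
    return items


def reconcile(script, results):
    """Map each requested item to the final status the result log reports for it."""
    seen = {}
    for line in results.splitlines():
        if m := RESULT_RE.match(line.strip()):
            seen[m["item"].lower()] = m["status"]  # paths compared case-insensitively
    wanted = parse_script(script)
    return {item: seen.get(item, "NO RESULT LINE")
            for item in wanted["files"] + wanted["reg"]}


if __name__ == "__main__":
    for item, status in reconcile(SCRIPT, RESULTS).items():
        print(f"{status:22} {item}")
```

An item mapped to `NO RESULT LINE` is the one to follow up on; `not found` on a registry key means the key was already absent when the `:reg` step ran.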

Re: Spyware 2009/BankerFox.A/Win32

Okay, log on to Kim now and see if this will run.

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. The log will be quite big, so you may need to split it up into several posts.

Re: Spyware 2009/BankerFox.A/Win32

OK..I am logged on as "kim" and did the download. Saved to desktop. Double clicked to run and Windows blocked it. I have McAfee completely disabled.

Re: Spyware 2009/BankerFox.A/Win32

Hello.
Completely uninstall McAfee, because it's so annoying when it interferes, because it blocks soooo many tools.

Re: Spyware 2009/BankerFox.A/Win32
There were no pop-ups or spyware 2009 garbage this time when I logged in under "kim" after running that clean-up on user "rachel"..fyi.

Re: Spyware 2009/BankerFox.A/Win32
How come McAfee interferes with one user and not another on the same computer?

Re: Spyware 2009/BankerFox.A/Win32

Dunno.
Go to Start > Control Panel > Add/Remove Programs and remove any McAfee products.

Re: Spyware 2009/BankerFox.A/Win32

OK..you want me to go to Add/Remove Programs and get rid of McAfee?
