Member Panel

Did you check if blacklight placed a log automaticly in the same place/folder that blacklight is in? That log could really help.

And the first two items on the screen shot indicate that they both have a hidden file and a process tied to them.. not good..


And that folder you mentioned doesn't sound good either , but i would need more info (hopefully the log file) to start removing things.

And i don't expect to see normally hidden files to show up in a blacklight scan but you could run a scan with those files set to show and see if the results are diferent.

I was running the program from the website and it didn't download onto the computer. I saved it as a target onto the computer and ran it again. This time it only came up with 2 hidden files. I went back and ran it from the website and it came back as 2137 files. I did the scan that I have saved on the computer and it found 2141 files. It didn't save any logs onto the computer though. When it only showed 2 files they were called DMCMSUTB.EXE AND FSFWN11N.EXE

I found the log file but it is to big to attach or paste on here. I'll paste some of it though.

11/25/05 23:36:56 [Info]: Hidden process: C:\PROGRAM FILES\DIROLBAR\ESEWN11N.EXE
11/25/05 23:36:56 [Note]: 4018 1152
11/25/05 23:36:56 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\DMCMSUTB.EXE
11/25/05 23:36:56 [Note]: FSRAW library version 1.7.1013
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\WinGenerics.dll
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\ACE.DLL
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\DATA.BIN
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\LFPOGSVC.EXE
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\PROGRAM FILES\DIROLBAR\ESEWN11N.EXE
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\AI_21-11-2005.log
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00000029_43816c0c_00090799
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00004823_43816c17_00012c2e
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\000018be_43816c1b_000a94ec
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00006784_43816c1b_000cb896
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00004ae1_43816c25_000aa60e
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00003d6c_43816cea_0006e0e3
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00002cd6_43816cec_0007617e
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\000072ae_43816cf7_000dbc1e
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00006952_43816cf8_00077de0
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00005f90_43816cf8_000efab1
11/25/05 23:36:57 [Note]: 4002 0
11/25/05 23:36:57 [Note]: 4003 1
11/25/05 23:36:57 [Info]: Hidden file: C:\Program Files\Dirolbar\Cache\00001649_43816d00_00013fe3
11/25/05 23:36:57 [Note]: 4002 0

Can you have a look in add and remove programs for an entry called "POP!" and uninstall it if its there?

I did not find any called POP!

You could try to delete parts and then run a new scan to see what remains , it seems most files are in one folder. But i must add that as i said before , i don't know to much about rootkits , and rootkits can be perticulairy nasty and trying to remove them could make youre pc unbootable and/or cause data los.


That said ,you can try to let killbox delete the files if you want to:

Download Pocket Killbox version 2.0.0.175

http://www.atribune.org/downloads/KillBox.exe

If you already have Killbox first ensure it is this version !.
Start Killbox place a tick next to [x]delete on reboot.
Copy this whole list into the windows clipboard, all the Bolded below.


C:\Program Files\Dirolbar
C:\WINDOWS\SYSTEM32\DMCMSUTB.EXE



Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.

Exit Killbox and restart your PC.

What is the windows clipboard?