Member Panel

zeth_g · 11:26 AM

heeeelp! an hour ago, i got this anti virus message saying i had gotten a virus, and i can't get rid of it, this window keeps popping up everytime i start my pc. i runed ad-aware and spybot already and it stills there! hope this can help:

Admin edit: - Please attach log files in future.
log.txt

Zimbo

Does it mention what the name of the virus is?
What antivirus software are you using?
Is it up to date?

Someone from the security team will be able to take a look at that log but in the meantime would you be able to run an Ewido scan on your system, you can find information + links in `Prework` in my signature.

Can you also run this online scan:
http://www.pandasoftware.com/products/activescan.htm

joe5 · 12:09 PM

Hya Zeth_g.

Can you first uninstall "UnSpyPC" in add/remove programs.

Before fixing things with HijackThis Please Do the Following:

Show hidden files and folders:

For 98/2000/ME:

Double-click the My Computer icon
Click on the View menu, click Folder Options
Advanced Settings box, under the "Hidden files" folder, click Show all files.
If you see a warning message, click Yes.
Click Apply.
Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinME.

Click Start > Settings > Control Panel.
Double-click the System icon.
If the System icon is not visible, click View all Control Panel options to display it.
On the Performance tab, click File System.
On the Troubleshooting tab check Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.

Please download CCleaner

Then boot in safemode (hit f8 when booting up) , and then fix these with hjt:

O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Archivos de programa\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Archivos de programa\UnSpyPC\UnSpyPC.exe (HKCU)

Then delete the folder in bold , and run Ccleaner.

Then reboot and upload these files:

C:\WINDOWS\SYSTEM\E_S08IC1.EXE
C:\WINDOWS\SYSTEM\IDEMLOG.EXE

to these sites and report back the results please:

http://www.virustotal.com/flash/index_en.html

http://virusscan.jotti.org/

Also i would recommend to install a firewall , you could have a look in our download section for some free ones. And windows should be updated.

Then please post a new hjt log and the results from uploading those 2 files.

PS @ Zimbo , he is using WinME and unfortunatly Ewido only works on XP/2000.

zeth_g · 06:45 PM

Hi, first of all, thanks a lot for the help
i tryed to do what you asked me, but these files:

O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Archivos de programa\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Archivos de programa\UnSpyPC\UnSpyPC.exe (HKCU)

were no longer there when i ran the hjt; i uploaded the two files:
C:\WINDOWS\SYSTEM\E_S08IC1.EXE
C:\WINDOWS\SYSTEM\IDEMLOG.EXE

for the first one it found no virus, as for the second, here are the results:

Results of a file scan
This is a report processed by VirusTotal on 12/05/2005 at 18:27:59 (CET) after scanning the file "idemlog.exe" file.

< thead>
Antivirus Version Update Result
AntiVir 6.32.1.63 12.05.2005 no virus found
Avast 4.6.695.0 12.05.2005 no virus found
AVG 718 12.05.2005 no virus found
Avira 6.32.1.63 12.05.2005 no virus found
BitDefender 7.2 12.05.2005 no virus found
CAT-QuickHeal 8.00 12.05.2005 no virus found
ClamAV devel-20051108 12.05.2005 no virus found
DrWeb 4.33 12.05.2005 no virus found
eTrust-Iris 7.1.194.0 12.04.2005 no virus found
eTrust-Vet 11.9.1.0 12.05.2005 no virus found
Fortinet 2.48.0.0 12.05.2005 suspicious
F-Prot 3.16c 12 .05.2005 no virus found
Ikarus 0.2.59.0 12.05.2005 no virus found
Kaspersky 4.0.2.24 12.05.2005 no virus found
McAfee 4643 12.05.2005 no virus found
NOD32v2 1.1311 12.02.2005 no virus found
Norman 5.70.10 12.05.2005 no virus found
Panda 8.02.00 12.05.2005 Adware/IdeskBar
Sophos 4.00.0 12.05.2005 no virus found
Symantec 8.0 12.05.2005 no virus found
TheHacker 5.9.1.049 12.05.2005 no virus found
VBA32 3.10.5 12.05.2005 Adware.Idesk

the antivirus that i use is AVG

thanks!

ladygreenwitch

:smiley: Hey Guys,

@ZethG,

I would suggest reading the PCHF Protecting Your PC article in my signature. It may make the importance of Joe's suggestion clearer for you.

Can you please download and install SpySweeper from my signature. Make sure that you select the Free Trial, once installed, do an update to make sure you have the latest definitions. Then click on Options, Sweep Options, select all of the options under what to sweep, except, Do Not Sweep System Restore Files. Then click on Sweep, Start. Let it fix anything that it finds.

You can read the article while you're scanning if you print it out first :smiley: .

Then run CCleaner again, and then run HijackThis one more time and post the log back here.

Look forward to your reply,

TTFN

LGW

joe5

Originally Posted by zeth_g

Hi, first of all, thanks a lot for the help
i tryed to do what you asked me, but these files:

O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Archivos de programa\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Archivos de programa\UnSpyPC\UnSpyPC.exe (HKCU)

were no longer there when i ran the hjt;

They where probebly removed when you uninstalled it in add/remove programs.

i uploaded the two files:
C:\WINDOWS\SYSTEM\E_S08IC1.EXE
C:\WINDOWS\SYSTEM\IDEMLOG.EXE

for the first one it found no virus, as for the second, here are the results:

The first is probebly a driver and indeed safe but it was in a strange place so i dubbel checked it.

Results of a file scan
This is a report processed by VirusTotal on 12/05/2005 at 18:27:59 (CET) after scanning the file "idemlog.exe" file.

< thead>
Antivirus Version Update Result
AntiVir 6.32.1.63 12.05.2005 no virus found
Avast 4.6.695.0 12.05.2005 no virus found
AVG 718 12.05.2005 no virus found
Avira 6.32.1.63 12.05.2005 no virus found
BitDefender 7.2 12.05.2005 no virus found
CAT-QuickHeal 8.00 12.05.2005 no virus found
ClamAV devel-20051108 12.05.2005 no virus found
DrWeb 4.33 12.05.2005 no virus found
eTrust-Iris 7.1.194.0 12.04.2005 no virus found
eTrust-Vet 11.9.1.0 12.05.2005 no virus found
Fortinet 2.48.0.0 12.05.2005 suspicious
F-Prot 3.16c 12 .05.2005 no virus found
Ikarus 0.2.59.0 12.05.2005 no virus found
Kaspersky 4.0.2.24 12.05.2005 no virus found
McAfee 4643 12.05.2005 no virus found
NOD32v2 1.1311 12.02.2005 no virus found
Norman 5.70.10 12.05.2005 no virus found
Panda 8.02.00 12.05.2005 Adware/IdeskBar
Sophos 4.00.0 12.05.2005 no virus found
Symantec 8.0 12.05.2005 no virus found
TheHacker 5.9.1.049 12.05.2005 no virus found
VBA32 3.10.5 12.05.2005 Adware.Idesk

the antivirus that i use is AVG

thanks!

Let's get rid of it. :smiley:

Boot in safemode and fix this line with hjt:

O4 - HKCU\..\Run: [desktop] C:\WINDOWS\SYSTEM\IDEMLOG.EXE

And delete the file in bold.

Member Panel

Sponsors and Ads

Noticeboard