[Closed] "Virus Hosts" - PC Help Forum, Security & Safety, [Fixed] Hijackthis! Logs

#15 | 01-17-2007 | chiaz (Senior Security Analyst)

Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
This is from SmitfraudFix and needs no alarm. Delete it if you want to, otherwise you can leave it alone, safely.

Same goes for this:
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\My Documents\Desktop part 2!\SmitfraudFix\Process.exe

Next:
  1. Please download the Killbox.
  2. Unzip it to the desktop but do NOT run it yet.
  3. Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  4. Once in Safe Mode, please run Killbox.
  5. Click "Delete on Reboot".
  6. Paste the following into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\Downloaded Program Files\startbf2.inf
  7. Click the red-and-white "Delete File".
  8. Click "Yes" at the Delete on Reboot prompt.
  9. Click "No" at the Pending Operations prompt.



Restart your computer. Download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.

3) To start the scan, Click > "Scan Now" at left
  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next
4) When the scan has completed, select Next.
  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer.



Can I see a fresh AVG Anti-spyware log please? Don't lose heart - we are getting there!


#16 | 01-20-2007 | Michael C (Bronze Member)

Hi Chiawaikian,

Thanks for continually helping me out. I did as you asked and apart from a few tracking cookies, AVG Anti-Spyware does not appear to have picked up on anything nasty. The only instruction of yours I couldn't carry out was right at the end of the Killbox list. You said to click "No" at the Pending Operations prompt. I did not receive this prompt at all. After clicking "yes" when asked if I wished to reboot, it immediately rebooted without any further dialogue boxes.

Is there anything else to do now? You know, like another Pandascan or AVG Anti-Virus scan?

If not, thank you for all your help!

Kind regards,
Michael
Attached Files
File Type: txt Report-Scan-20070119-235256.txt (3.8 KB, 1 views)


#17 | 01-20-2007 | chiaz (Senior Security Analyst)

Run ActiveScan again if you will - the only thing that I'm not positive about removing is:
Virus:trj/abwiz.a Not disinfected Operating system
Let's see if the full system scan with Ad-aware removed it. We can't do anything to it manually because of the vague file/registry location.


#18 | 01-22-2007 | Michael C (Bronze Member)

Hi again,

Hmm, the Trojan still seems to be there. I will buy Pandascan's software if I need to. Of course I'd much rather there was a FREE tool I could use!

Also, I see that the "startbf2.inf" file is now associated with Killbox! I thought it was supposed to have deleted it!!!

Kind regards,
Mike
Attached Files
File Type: txt Activescan3.txt (4.1 KB, 2 views)


#19 | 01-22-2007 | chiaz (Senior Security Analyst)

There's no need to purchase the software because of this. The virus only has remnants left around somewhere, which does not pose much of a security risk.

The startbf2.inf file is in Killbox's backup folder. You can delete the entire Killbox folder now.



Other than the above, your computer appears clean to me.


#20 | 01-23-2007 | Michael C (Bronze Member)

Thank you Chiawaikian for all your help. You are officially on my Christmas card list!
Mike


#21 | 01-23-2007 | chiaz (Senior Security Analyst)

You're welcome.

You may like to read the "Afterwork" for malware prevention tips:
http://www.pchelpforum.com/hijackthi...afterwork.html



Good luck, and see you around.


