Infected PC ANUMAN LIVE
Solved
libellulelibellule
Posted messages
8
Status
Membre
-
crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention -
crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention -
Hello,
my PC has viruses (I have antivirus that is usually very effective and doesn't let anything through)
I have an icon on my desktop called ANUMAN LIVE and I think this is the reason I have viruses.
If I check its properties, here's what it shows: ""C:\Users\stephanie\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe" /POPUP
I don't have any software on my PC called ANUMAN
how can I get rid of it
PS: I can't find the files by following this path: ""C:\Users\stephanie\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe" /POPUP
thank you for your help
my PC has viruses (I have antivirus that is usually very effective and doesn't let anything through)
I have an icon on my desktop called ANUMAN LIVE and I think this is the reason I have viruses.
If I check its properties, here's what it shows: ""C:\Users\stephanie\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe" /POPUP
I don't have any software on my PC called ANUMAN
how can I get rid of it
PS: I can't find the files by following this path: ""C:\Users\stephanie\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe" /POPUP
thank you for your help
Configuration: Windows Vista Internet Explorer 8.0
13 réponses
Look in the folder C:\Users\stephanie\AppData\Roaming\Anuman Interactive\AnumanLive\ to see if you have a file "uninstall.exe". If not, launch CCleaner, go to the "tools" section, uninstall programs, and check if the software is listed there. If it isn't, it’s possible that this software is already uninstalled. In that case, you can delete the shortcut from your desktop.
I couldn’t install SYMANTEC, it seems to be a problem because it’s telling me
Unable to start the antivirus scan
To run the antivirus scan, you must use Microsoft Internet Explorer 5.0 or a later version with ActiveX and scripts enabled.
So I'm doing a scan with AVIRA ANTIVIR
What do you think?
I just looked, it found some trojans..
Unable to start the antivirus scan
To run the antivirus scan, you must use Microsoft Internet Explorer 5.0 or a later version with ActiveX and scripts enabled.
So I'm doing a scan with AVIRA ANTIVIR
What do you think?
I just looked, it found some trojans..
Hi,
It's not a virus:
http://www.anuman.fr/anumanlive.html
It's something you downloaded or installed when you bought your PC. It's an online shopping site. If you want to get rid of it, go to the control panel, add/remove programs. Uninstall this program.
It's not a virus:
http://www.anuman.fr/anumanlive.html
It's something you downloaded or installed when you bought your PC. It's an online shopping site. If you want to get rid of it, go to the control panel, add/remove programs. Uninstall this program.
1- Yes, I'd like to, but I can't find it.
2- Otherwise, how do I get rid of what brings me viruses?
I have already installed TROJAN REMOVER and I have CCLEANER that I have already run.
Thank you.
2- Otherwise, how do I get rid of what brings me viruses?
I have already installed TROJAN REMOVER and I have CCLEANER that I have already run.
Thank you.
Antivirus indicates that you have viruses? If so, I recommend either running an online scan using another software (it's free), like Symantec:
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=en&venid=sym
There are others, but I find it particularly effective and relatively fast compared to others.
Then, if you have any detected viruses, let me know their names.
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=en&venid=sym
There are others, but I find it particularly effective and relatively fast compared to others.
Then, if you have any detected viruses, let me know their names.
he is currently loading Symantec ...
in the meantime, how do I find ANUMAN and delete it? I can't find it in the control panel; it's not part of the list of programs..
thank you
in the meantime, how do I find ANUMAN and delete it? I can't find it in the control panel; it's not part of the list of programs..
thank you
Here is the report from my antivirus Avira, it detected several trojans:
Can someone tell me what I should do now? Thank you
I also launched a-squared, I'm waiting for it to finish..
Avira AntiVir Personal
Report file date: Tuesday, January 12, 2010 5:35 PM
Scanning for 1,521,437 virus strains and unwanted programs.
Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows Vista
Windows version: (Service Pack 2) [6.0.6002]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-VALERIE
Version information:
BUILD.DAT : 8.2.0.354 17,048 Bytes 10/23/2009 1:15 PM
AVSCAN.EXE : 8.1.4.10 315,649 Bytes 11/27/2008 6:54 PM
AVSCAN.DLL : 8.1.4.0 40,705 Bytes 5/26/2008 7:56 AM
LUKE.DLL : 8.1.4.5 164,097 Bytes 6/12/2008 12:44 PM
LUKERES.DLL : 8.1.4.0 12,033 Bytes 5/26/2008 7:58 AM
ANTIVIR0.VDF : 7.10.0.0 19,875,328 Bytes 11/6/2009 4:11 PM
ANTIVIR1.VDF : 7.10.1.11 1,395,568 Bytes 11/19/2009 4:12 PM
ANTIVIR2.VDF : 7.10.2.166 1,959,328 Bytes 1/11/2010 6:32 AM
ANTIVIR3.VDF : 7.10.2.169 90,112 Bytes 1/11/2010 6:33 AM
Engineversion : 8.2.1.134
AEVDF.DLL : 8.1.1.2 106,867 Bytes 9/20/2009 6:43 PM
AESCRIPT.DLL : 8.1.3.7 594,296 Bytes 1/5/2010 11:47 AM
AESCN.DLL : 8.1.3.0 127,348 Bytes 12/10/2009 7:31 PM
AESBX.DLL : 8.1.1.1 246,132 Bytes 11/24/2009 4:13 PM
AERDL.DLL : 8.1.3.4 479,605 Bytes 12/1/2009 7:24 PM
AEPACK.DLL : 8.2.0.4 422,263 Bytes 1/5/2010 11:47 AM
AEOFFICE.DLL : 8.1.0.38 196,987 Bytes 6/18/2009 10:44 AM
AEHEUR.DLL : 8.1.0.194 2,228,599 Bytes 1/8/2010 7:31 PM
AEHELP.DLL : 8.1.9.0 237,943 Bytes 12/17/2009 6:51 AM
AEGEN.DLL : 8.1.1.83 369,014 Bytes 1/5/2010 11:47 AM
AEEMU.DLL : 8.1.1.0 393,587 Bytes 10/4/2009 2:26 PM
AECORE.DLL : 8.1.9.1 180,598 Bytes 12/10/2009 7:31 PM
AEBB.DLL : 8.1.0.3 53,618 Bytes 10/15/2008 5:08 PM
AVWINLL.DLL : 1.0.0.12 15,105 Bytes 7/9/2008 8:40 AM
AVPREF.DLL : 8.0.2.0 38,657 Bytes 5/16/2008 9:28 AM
AVREP.DLL : 8.0.0.3 155,688 Bytes 4/17/2009 5:02 PM
AVREG.DLL : 8.0.0.1 33,537 Bytes 5/9/2008 11:26 AM
AVARKT.DLL : 1.0.0.23 307,457 Bytes 2/12/2008 8:29 AM
AVEVTLOG.DLL : 8.0.0.16 119,041 Bytes 6/12/2008 12:27 PM
SQLITE3.DLL : 3.3.17.1 339,968 Bytes 1/22/2008 5:28 PM
SMTPLIB.DLL : 1.2.0.23 28,929 Bytes 6/12/2008 12:49 PM
NETNT.DLL : 8.0.0.1 7,937 Bytes 1/25/2008 12:05 PM
RCIMAGE.DLL : 8.0.0.51 2,371,841 Bytes 6/12/2008 1:48 PM
RCTEXT.DLL : 8.0.52.0 86,273 Bytes 6/27/2008 1:34 PM
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Tuesday, January 12, 2010 5:35 PM
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'FlashUtil10d.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wltuser.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'LogonUI.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'LimeWire.exe' - '1' Module(s) have been scanned
Scan process 'AnumanLive.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SmpSys.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'eorezo.exe' - '1' Module(s) have been scanned
Scan process 'EoEngine.exe' - '1' Module(s) have been scanned
Scan process 'SiteRankTray.exe' - '1' Module(s) have been scanned
Scan process 'ie3sh.exe' - '1' Module(s) have been scanned
Scan process 'BtTray.exe' - '1' Module(s) have been scanned
Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'SoftwareUpdateHP.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'BsHelpCS.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'BsMobileCS.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'BlueSoleilCS.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'schedul2.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SearchGuardPlus.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
90 processes with 90 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ('55' files).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fast Browser Search\IE\uninstall.exe
[DETECTION] Is the TR/Agent.178048 Trojan
[NOTE] The file was moved to '4bb5a68b.qua'!
C:\Program Files\Fast Browser Search\IE\uninstalSGP.exe
[DETECTION] Is the TR/Agent.95104 Trojan
[NOTE] The file was moved to '4bb5a68d.qua'!
C:\Program Files\Fast Browser Search\IE\uninstalSGPU.exe
[DETECTION] Is the TR/Agent.89984 Trojan
[NOTE] The file was moved to '4bb5a691.qua'!
C:\Program Files\Search Guard Plus\uninstalSGP.exe
[DETECTION] Is the TR/Agent.95104 Trojan
[NOTE] The file was moved to '4bb5aad0.qua'!
C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
[DETECTION] Is the TR/Agent.89984 Trojan
[NOTE] The file was moved to '4bb5aad3.qua'!
End of the scan: Tuesday, January 12, 2010 6:47 PM
Used time: 1:11:39 Hour(s)
The scan has been done completely.
23,631 Scanning directories
574,156 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
574,150 Files not concerned
3,760 Archives were scanned
5 Warnings
5 Notes
Can someone tell me what I should do now? Thank you
I also launched a-squared, I'm waiting for it to finish..
Avira AntiVir Personal
Report file date: Tuesday, January 12, 2010 5:35 PM
Scanning for 1,521,437 virus strains and unwanted programs.
Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows Vista
Windows version: (Service Pack 2) [6.0.6002]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-VALERIE
Version information:
BUILD.DAT : 8.2.0.354 17,048 Bytes 10/23/2009 1:15 PM
AVSCAN.EXE : 8.1.4.10 315,649 Bytes 11/27/2008 6:54 PM
AVSCAN.DLL : 8.1.4.0 40,705 Bytes 5/26/2008 7:56 AM
LUKE.DLL : 8.1.4.5 164,097 Bytes 6/12/2008 12:44 PM
LUKERES.DLL : 8.1.4.0 12,033 Bytes 5/26/2008 7:58 AM
ANTIVIR0.VDF : 7.10.0.0 19,875,328 Bytes 11/6/2009 4:11 PM
ANTIVIR1.VDF : 7.10.1.11 1,395,568 Bytes 11/19/2009 4:12 PM
ANTIVIR2.VDF : 7.10.2.166 1,959,328 Bytes 1/11/2010 6:32 AM
ANTIVIR3.VDF : 7.10.2.169 90,112 Bytes 1/11/2010 6:33 AM
Engineversion : 8.2.1.134
AEVDF.DLL : 8.1.1.2 106,867 Bytes 9/20/2009 6:43 PM
AESCRIPT.DLL : 8.1.3.7 594,296 Bytes 1/5/2010 11:47 AM
AESCN.DLL : 8.1.3.0 127,348 Bytes 12/10/2009 7:31 PM
AESBX.DLL : 8.1.1.1 246,132 Bytes 11/24/2009 4:13 PM
AERDL.DLL : 8.1.3.4 479,605 Bytes 12/1/2009 7:24 PM
AEPACK.DLL : 8.2.0.4 422,263 Bytes 1/5/2010 11:47 AM
AEOFFICE.DLL : 8.1.0.38 196,987 Bytes 6/18/2009 10:44 AM
AEHEUR.DLL : 8.1.0.194 2,228,599 Bytes 1/8/2010 7:31 PM
AEHELP.DLL : 8.1.9.0 237,943 Bytes 12/17/2009 6:51 AM
AEGEN.DLL : 8.1.1.83 369,014 Bytes 1/5/2010 11:47 AM
AEEMU.DLL : 8.1.1.0 393,587 Bytes 10/4/2009 2:26 PM
AECORE.DLL : 8.1.9.1 180,598 Bytes 12/10/2009 7:31 PM
AEBB.DLL : 8.1.0.3 53,618 Bytes 10/15/2008 5:08 PM
AVWINLL.DLL : 1.0.0.12 15,105 Bytes 7/9/2008 8:40 AM
AVPREF.DLL : 8.0.2.0 38,657 Bytes 5/16/2008 9:28 AM
AVREP.DLL : 8.0.0.3 155,688 Bytes 4/17/2009 5:02 PM
AVREG.DLL : 8.0.0.1 33,537 Bytes 5/9/2008 11:26 AM
AVARKT.DLL : 1.0.0.23 307,457 Bytes 2/12/2008 8:29 AM
AVEVTLOG.DLL : 8.0.0.16 119,041 Bytes 6/12/2008 12:27 PM
SQLITE3.DLL : 3.3.17.1 339,968 Bytes 1/22/2008 5:28 PM
SMTPLIB.DLL : 1.2.0.23 28,929 Bytes 6/12/2008 12:49 PM
NETNT.DLL : 8.0.0.1 7,937 Bytes 1/25/2008 12:05 PM
RCIMAGE.DLL : 8.0.0.51 2,371,841 Bytes 6/12/2008 1:48 PM
RCTEXT.DLL : 8.0.52.0 86,273 Bytes 6/27/2008 1:34 PM
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Tuesday, January 12, 2010 5:35 PM
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'FlashUtil10d.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wltuser.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'LogonUI.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'LimeWire.exe' - '1' Module(s) have been scanned
Scan process 'AnumanLive.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SmpSys.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'eorezo.exe' - '1' Module(s) have been scanned
Scan process 'EoEngine.exe' - '1' Module(s) have been scanned
Scan process 'SiteRankTray.exe' - '1' Module(s) have been scanned
Scan process 'ie3sh.exe' - '1' Module(s) have been scanned
Scan process 'BtTray.exe' - '1' Module(s) have been scanned
Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'SoftwareUpdateHP.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'BsHelpCS.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'BsMobileCS.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'BlueSoleilCS.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'schedul2.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SearchGuardPlus.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
90 processes with 90 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ('55' files).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fast Browser Search\IE\uninstall.exe
[DETECTION] Is the TR/Agent.178048 Trojan
[NOTE] The file was moved to '4bb5a68b.qua'!
C:\Program Files\Fast Browser Search\IE\uninstalSGP.exe
[DETECTION] Is the TR/Agent.95104 Trojan
[NOTE] The file was moved to '4bb5a68d.qua'!
C:\Program Files\Fast Browser Search\IE\uninstalSGPU.exe
[DETECTION] Is the TR/Agent.89984 Trojan
[NOTE] The file was moved to '4bb5a691.qua'!
C:\Program Files\Search Guard Plus\uninstalSGP.exe
[DETECTION] Is the TR/Agent.95104 Trojan
[NOTE] The file was moved to '4bb5aad0.qua'!
C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
[DETECTION] Is the TR/Agent.89984 Trojan
[NOTE] The file was moved to '4bb5aad3.qua'!
End of the scan: Tuesday, January 12, 2010 6:47 PM
Used time: 1:11:39 Hour(s)
The scan has been done completely.
23,631 Scanning directories
574,156 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
574,150 Files not concerned
3,760 Archives were scanned
5 Warnings
5 Notes
OK. So, your antivirus puts infected files in quarantine but can't delete them.
Download Malwarebytes:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it, and on the first run, update it.
Start a scan, and delete everything it finds. It will ask you if you want to save the selection, save that somewhere.
Normally, your PC will be completely disinfected.
If it doesn't work, run a scan, and copy/paste the report on the forum.
Good luck!
Download Malwarebytes:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it, and on the first run, update it.
Start a scan, and delete everything it finds. It will ask you if you want to save the selection, save that somewhere.
Normally, your PC will be completely disinfected.
If it doesn't work, run a scan, and copy/paste the report on the forum.
Good luck!
Here is the report
Malwarebytes' Anti-Malware 1.44
Database version: 3554
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
01/13/2010 20:03:10
mbam-log-2010-01-13 (20-03-10).txt
Search type: Full scan (C:\|)
Items examined: 220447
Elapsed time: 46 minute(s), 59 second(s)
Infected memory process(es): 3
Infected memory module(s): 3
Infected Registry key(s): 16
Infected Registry value(s): 3
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 7
Infected memory process(es):
C:\Users\stephanie\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\Program Files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Unloaded process successfully.
Infected memory module(s):
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoRezoBHO.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Delete on reboot.
Infected Registry key(s):
HKEY_CLASSES_ROOT\TypeLib\{18af7201-4f14-4bcf-93fe-45617cf259ff} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{df76e9b7-35ec-46fc-af56-5b79ded9d64f} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Infected Registry value(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoengine (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Infected Registry data item(s):
(No harmful item detected)
Infected folder(s):
(No harmful item detected)
Infected file(s):
C:\Users\stephanie\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoBHO.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Users\stephanie\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.44
Database version: 3554
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
01/13/2010 20:03:10
mbam-log-2010-01-13 (20-03-10).txt
Search type: Full scan (C:\|)
Items examined: 220447
Elapsed time: 46 minute(s), 59 second(s)
Infected memory process(es): 3
Infected memory module(s): 3
Infected Registry key(s): 16
Infected Registry value(s): 3
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 7
Infected memory process(es):
C:\Users\stephanie\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\Program Files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Unloaded process successfully.
Infected memory module(s):
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoRezoBHO.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Delete on reboot.
Infected Registry key(s):
HKEY_CLASSES_ROOT\TypeLib\{18af7201-4f14-4bcf-93fe-45617cf259ff} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{df76e9b7-35ec-46fc-af56-5b79ded9d64f} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Infected Registry value(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoengine (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Infected Registry data item(s):
(No harmful item detected)
Infected folder(s):
(No harmful item detected)
Infected file(s):
C:\Users\stephanie\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoBHO.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Users\stephanie\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
According to the analysis results, everything seems clean. The report clearly shows 'unloaded successfully', 'delete on reboot', and 'Quarantine and deleted successfully'. Run another scan to check if there are any leftover crap on your PC.
Good evening,
You need to authenticate yourself on the site.
Reminder:
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/
I did this for you. ;-)
******
I advise you to clear the quarantine of Malwarebytes' Anti Malware.
Best of luck.
--
Got a problem? Come to CCM!
There is no problem without a solution.
You need to authenticate yourself on the site.
Reminder:
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/
I did this for you. ;-)
******
I advise you to clear the quarantine of Malwarebytes' Anti Malware.
Best of luck.
--
Got a problem? Come to CCM!
There is no problem without a solution.