Trojan.Gen.2

Solved
Peace08
Hello,

For over 2 weeks, my Norton antivirus has been displaying several messages a day:
"Auto-Protect has blocked this virus Trojan.Gen.2; Details: High Risk; Origin: Downloaded from unknown; File: C:\windows\installer\{9a67....}\u\"
I have over 45 threats per day, which is starting to be a lot. I downloaded Malwarebytes but nothing works, the virus is still present.
How can I easily remove it?
I have Windows 7

Thanks in advance

11 answers

linkcr15
 
You don't have the virus since Norton is blocking it.
I had the same issue and it went away after a month like magic.
Personally, I suspect Norton of being behind this maneuver to make us believe it's effective.
But that's just my opinion.
As long as you don't have any bugs on your PC, everything is fine, you're not infected.
If the messages annoy you, just disable them :-p
Anonymous user
 
Good evening,

* Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
or
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

* Follow the prompts during installation; it will launch automatically at the end.

/!\ Vista and Seven users: Right-click on the ZHPdiag logo, "Run as Administrator"

* Click on the icon that looks like a magnifying glass ("Start the diagnosis")
* Save the report to your Desktop using the icon that looks like a floppy disk
* Host the ZHPDiag.txt report on Cjoint, then copy/paste the link provided in your next response on the forum:

https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers

--
O.o°*♪♪♫ Member, Security Contributor CCM o°.Oø¤º°'°º¤ø

O.o°* ♪♪♫ Breathe deeply, write your message in good French and clearly. It will be fine, you'll see, at least we're trying!!! o°.Oø¤º°'°º¤ø
Peace08
 
Indeed, the messages are becoming very frequent, but I would rather permanently delete the trojan, even if Norton blocks it. It's a safety measure!

Here is the link, following the analysis: https://www.cjoint.com/?BFgtrkfV3bJ
Anonymous user
 
You have already run ADWC on your PC!

Install the latest version of Java from its official site!

Install a more recent version of Firefox!

* Launch ZHPFix via the shortcut on your Desktop

Click on the icon representing the letter H ("paste Helper lines")

* Copy (Ctrl+C) and paste (Ctrl+V) the following lines into ZHPFix:
---------------------------------------------------------

M3 - MFPP: Plugins - [windows 7] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\iMeshWebSearch.xml
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\WIA6EB~1\Datamngr\x64\datamngr.dllHA~1\MediaBar\Datamngr\x64\IEBHO.dll C:\Windows\system32\nvinitx.dll (.not file.)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\iMeshNAG.job
O43 - CFD: 29/04/2011 - 21:29:48 - [35,614] ----D C:\Users\windows 7\AppData\Local\iMesh
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} - (Web Search) - http://search.imesh.net/
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}] =>PUP.iMesh
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}] =>PUP.iMesh
[HKCU\Software\iMesh] =>PUP.iMesh
C:\Users\windows 7\AppData\Local\iMesh =>PUP.iMesh
C:\Users\windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\2wo2gcz2.default\SearchPlugins\conduit.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [windows 7] -- C:\Users\windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\2wo2gcz2.default\searchplugins\conduit.xml
O69 - SBI: C:\Users\windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\2wo2gcz2.default\searchplugins\conduit.xml
O69 - SBI: prefs.js [windows 7 - 2wo2gcz2.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2089011&SearchSource=3&q={searchTerms}");
R3 - URLSearchHook: (no name) [64Bits] - {a65e491f-a436-4952-b49a-b24ed99a0f67} . (...) (No version) -- (.not file.)
[MD5.00000000000000000000000000000000] [APT] [iMeshNAG] (...) -- C:\Users\windows 7\AppData\Local\Temp\iMesh_setup.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A84A54B3-9E98-4C4B-9B3F-F86511FBEE4B}] (...) -- C:\Users\windows 7\Downloads\VLCSetup(3).exe (.not file.)
O51 - MPSK:{d59fa1bf-2fff-11e1-90f2-406186b47569}\AutoRun\command. (...) -- E:\PhotoViewer.exe (.not file.)
OPT:O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
Emptytemp
EmptyCLSID


----------------------------------------------------------

- Click on the "GO" button to start the cleanup,
- Copy/paste the entire report in your next response
Tutorial :

http://www.premiumorange.com/zeb-help-process/zhpfix.html

You already have MBAM on your PC;

launch it:

. In the "Update" tab, click on the Check for updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update is complete,
. go to the Scanner tab,
. select Run a full scan
. Click on Scan
. The scan starts.
. At the end of the scan, a message appears: "The scan completed successfully. Click on 'Show results' to view all found items."
. Click on OK to proceed.
. If any malware has been detected, click on Show results
. Select all (or leave everything checked) and click on Remove Selection. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.

. Malwarebytes will open Notepad and copy the analysis report there.
. Go to the Logs tab,
. click on the report to display it; once it is displayed,
. click on Edit at the top of Notepad, then on Select all,
. click on Edit again, then on Copy, and return to the forum and to your response
. Right-click in the response box and Paste
. At the end of the scan, MBAM may need to restart the PC to finalize the removal, so don't panic, restart your PC!!!

If you need help, check out this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

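The ZHPDiag lines and the ZHPFix script above touch five persistence points: AppInit_DLLs (O20), the Internet Explorer SearchScopes and URLSearchHooks (O69, R3), a legacy .job task (O39), a per-volume AutoRun command under MountPoints2 (O51), and, from the first post, a folder in the Windows Installer cache. The PowerShell below is an added example; it is not from the thread, from ZHPDiag/ZHPFix or from their author. The helper Test-BinaryTrust is my own, and the script assumes the standard Windows 7 x64 registry and folder locations and an English-language schtasks output. It only reports. The check a practitioner wants before running a deletion script is the Authenticode signer of each referenced file: AppInit_DLLs is also where legitimate driver components register (nvinitx.dll in the O20 line ships with NVIDIA display drivers), so each entry should be attributed before it is removed.

```powershell
# Added example (not from the thread or from ZHPDiag/ZHPFix): read-only audit of the
# persistence points discussed above. Run from an elevated PowerShell; every cmdlet
# used exists in PowerShell 2.0, so it works on Windows 7.

function Test-BinaryTrust {
    param([string]$Path)
    # Existence plus Authenticode signer, so a vendor DLL can be told apart from an
    # adware component before anything is removed. (Helper written for this example.)
    if (-not $Path) { return }
    if (-not (Test-Path -LiteralPath $Path)) { return "MISSING   $Path" }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    '{0,-9} {1}  [{2}]' -f $sig.Status, $Path, $signer
}

# 1. AppInit_DLLs (the O20 line): every DLL listed is loaded into every process that maps
#    user32.dll. On 64-bit Windows both the native and the Wow6432Node key count.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $w = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $w) { continue }
    "$key  LoadAppInit_DLLs=$($w.LoadAppInit_DLLs)  AppInit_DLLs=$($w.AppInit_DLLs)"
    # The value is a space- or comma-separated list; a corrupted entry like the O20 one
    # above (two paths run together) simply reports as MISSING.
    foreach ($dll in ($w.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) { Test-BinaryTrust $dll }
}

# 2. IE search scopes (the O69 SBI lines) in each hive ZHPDiag reported, then the
#    URLSearchHooks (R3), resolving each CLSID to the DLL that implements it.
$scopeRoots = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
              'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes',
              'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
              'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'
foreach ($root in $scopeRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $s = Get-ItemProperty -Path $_.PSPath
        'SearchScope {0}\{1}  "{2}"  {3}' -f $root, $_.PSChildName, $s.DisplayName, $s.URL
    }
}
$hooks = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks' -ErrorAction SilentlyContinue
if ($hooks) {
    foreach ($prop in $hooks.PSObject.Properties) {
        if ($prop.Name -notlike '{*}') { continue }   # skip PSPath/PSParentPath and friends
        $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$($prop.Name)\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv) { "URLSearchHook $($prop.Name) -> " + (Test-BinaryTrust $srv.'(default)') }
        else      { "URLSearchHook $($prop.Name) -> no CLSID registration (orphaned, like the R3 line above)" }
    }
}

# 3. Scheduled tasks (the O39/APT lines): legacy .job files, then everything the Task
#    Scheduler service knows. schtasks repeats its header per task folder and localizes
#    column names ('Task To Run' is the English header).
Get-ChildItem -Path "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue |
    ForEach-Object { "Legacy job: $($_.FullName)  (modified $($_.LastWriteTime))" }
schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -notmatch '^(COM handler|N/A)?$' } |
    ForEach-Object { 'Task {0} -> {1}' -f $_.TaskName, $_.'Task To Run' }

# 4. Per-volume AutoRun commands (the O51 MPSK line): Explorer caches each drive's
#    autorun.inf command under MountPoints2, which is how a USB stick re-launches a payload.
Get-ChildItem -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $cmdKey = $_.PSPath + '\Shell\AutoRun\command'
        if (Test-Path -Path $cmdKey) {
            'MountPoints2 {0} AutoRun -> {1}' -f $_.PSChildName, (Get-ItemProperty -Path $cmdKey).'(default)'
        }
    }

# 5. The Windows Installer cache named in the Norton alert: C:\Windows\Installer is a
#    hidden system folder whose {GUID} subfolders belong to individual MSI packages.
Get-ChildItem -Path "$env:windir\Installer" -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -like '{*}' } |
    ForEach-Object {
        Get-ChildItem -Path $_.FullName -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { 'Installer cache: ' + (Test-BinaryTrust $_.FullName) }
    }
```

Read the output the way the ZHPDiag report reads: a MISSING line is what ZHPDiag marks "(.not file.)" (the run-together Datamngr path, the orphaned search hook, the iMesh_setup.exe task target), an unsigned or NotSigned file under Program Files (x86) or AppData is a removal candidate, and a file with a Valid signature from a known vendor is one to leave alone even when it sits in a key adware also uses.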
Peace08
 
Here is the complete ZHPFix report:

ZHPFix Report 1.2.06 by Nicolas Coolman, Update of 05/17/2012
Registry export file: C:\ZHP\ZHPExportRegistry-06-06-2012-22-07-30.txt
Run by windows 7 at 06/06/2012 22:07:30
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Website: http://www.premiumorange.com/zeb-help-process/zhpfix.html
Website: http://nicolascoolman.skyrock.com/

========== Registry Key(s) ==========
DELETE Key*: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
DELETE Key: SearchScopes :{4B8C28A7-A9BC-45F8-990D-21499EED643C}
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}
DELETE Key*: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}
DELETE Key*: HKCU\Software\iMesh
DELETE CLSID MPSK: {d59fa1bf-2fff-11e1-90f2-406186b47569}

========== Registry Value(s) ==========
DELETE URLSearchHook: {a65e491f-a436-4952-b49a-b24ed99a0f67}
DELETE RunValue: QuickTime Task

========== Registry Data Element(s) ==========
DELETE AppInit: \Program Files (x86)\WIA6EB~1\Datamngr\x64\datamngr.dllHA~1\MediaBar\Datamngr\x64\IEBHO.dll C:\Windows\system32\nvinitx.dll

========== Browser Preferences ==========
DELETE Mozilla Pref: user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2089011&SearchSource=3&q={searchTerms}");

========== Folder(s) ==========
DELETE Folder: C:\Users\windows 7\AppData\Local\{01DA0F18-8F79-4F84-873A-513F047292B6}
DELETE Folder: C:\Users\windows 7\AppData\Local\{03F9968E-E68E-400A-9F8E-26BBF15D7F00}
DELETE Folder: C:\Users\windows 7\AppData\Local\{07DE340F-90AA-4E36-8F03-3CDF156D72E3}
DELETE Folder: C:\Users\windows 7\AppData\Local\{08AA27BD-DAF6-4B36-B5A8-B7EC75C1D81A}
DELETE Folder: C:\Users\windows 7\AppData\Local\{0B7F0117-5D05-4474-A5F2-2BF728556A1B}
DELETE Folder: C:\Users\windows 7\AppData\Local\{10C9EB4D-DCF6-4A96-B79F-2FE5A9144D92}
DELETE Folder: C:\Users\windows 7\AppData\Local\{11E8E172-E893-4B28-9D79-16F16AED7D32}
DELETE Folder: C:\Users\windows 7\AppData\Local\{1499DEAF-6151-421F-A4A3-48510BD939CF}
DELETE Folder: C:\Users\windows 7\AppData\Local\{16723DE2-AE90-4D2D-8D96-5E817D38DE06}
DELETE Folder: C:\Users\windows 7\AppData\Local\{18A32D4A-02C0-439C-A6F9-D097B0A5656E}
DELETE Folder: C:\Users\windows 7\AppData\Local\{22ACD963-14A5-4629-AB0F-51A1AC5B951B}
DELETE Folder: C:\Users\windows 7\AppData\Local\{2BA1DF50-EF4B-4AAE-AD40-BC5433A1B851}
DELETE Folder: C:\Users\windows 7\AppData\Local\{2CA8DC37-17E2-4108-ADFC-D3ACC50272E8}
DELETE Folder: C:\Users\windows 7\AppData\Local\{2DB61C4F-92B7-4362-8D6A-FC1F7A03D246}
DELETE Folder: C:\Users\windows 7\AppData\Local\{2E983C4F-3352-4E92-8313-F32BE7BE0657}
DELETE Folder: C:\Users\windows 7\AppData\Local\{3090A3DB-E5AB-491C-A8D4-7E0BA6BCA5A4}
DELETE Folder: C:\Users\windows 7\AppData\Local\{36382AFA-BB5A-4337-ACB3-F4B7A8980B83}
DELETE Folder: C:\Users\windows 7\AppData\Local\{377FD40E-C410-47B2-9F42-D72FD03FFFE7}
DELETE Folder: C:\Users\windows 7\AppData\Local\{3E0A03C3-C918-44F5-A48C-988C9B1F40C3}
DELETE Folder: C:\Users\windows 7\AppData\Local\{428F2056-4A49-4E68-9C54-FF9C231B19CC}
DELETE Folder: C:\Users\windows 7\AppData\Local\{49D33000-396F-41E5-8CF8-2CB4EFC91C6A}
DELETE Folder: C:\Users\windows 7\AppData\Local\{4C1AC31A-14F7-4658-84F4-2704681A5300}
DELETE Folder: C:\Users\windows 7\AppData\Local\{51BED5A0-F9B5-4495-B522-537F7D21D619}
DELETE Folder: C:\Users\windows 7\AppData\Local\{527776EB-2E8F-472F-9390-ECE0BF77E56F}
DELETE Folder: C:\Users\windows 7\AppData\Local\{544A27DC-79A8-439F-96DA-A0B364CCCDBA}
DELETE Folder: C:\Users\windows 7\AppData\Local\{574FB5A4-232C-4D84-965A-586797401D13}
DELETE Folder: C:\Users\windows 7\AppData\Local\{57AD846B-8462-40B6-AE25-298D614090D0}
DELETE Folder: C:\Users\windows 7\AppData\Local\{647C5BE9-D363-46E8-9168-C46B21547494}
DELETE Folder: C:\Users\windows 7\AppData\Local\{70E3B81C-A039-40A7-B726-D141B24357AE}
DELETE Folder: C:\Users\windows 7\AppData\Local\{726B1370-0C6C-4A41-98E2-8BCF9F59E0A8}
DELETE Folder: C:\Users\windows 7\AppData\Local\{76FC6482-CFE8-435F-82BA-9E5537FC4A96}
DELETE Folder: C:\Users\windows 7\AppData\Local\{81D472E9-EE61-4272-B5DC-3615282B7138}
DELETE Folder: C:\Users\windows 7\AppData\Local\{88B52DDA-7FBA-4AE1-8970-D32158FDE0FE}
DELETE Folder: C:\Users\windows 7\AppData\Local\{8A871248-95C7-4D04-BFED-FE38FF065858}
DELETE Folder: C:\Users\windows 7\AppData\Local\{8D12A058-EA12-4B9E-80A8-7A02261067D5}
DELETE Folder: C:\Users\windows 7\AppData\Local\{999293BD-B861-406C-8948-F72A17C9530F}
DELETE Folder: C:\Users\windows 7\AppData\Local\{9AFA7DCE-D7F2-46D9-AD62-C5E34714AB06}
DELETE Folder: C:\Users\windows 7\AppData\Local\{9E00DAEF-85CF-429C-93A9-06156C7AC1E9}
DELETE Folder: C:\Users\windows 7\AppData\Local\{A0F66098-AF77-48C1-9AA1-EE943436D009}
DELETE Folder: C:\Users\windows 7\AppData\Local\{ADDC5701-40B3-46A0-8AFF-40EC4B96CC3A}
DELETE Folder: C:\Users\windows 7\AppData\Local\{B1D8DB52-74DD-48F5-BE6C-96FFA5126BC7}
DELETE Folder: C:\Users\windows 7\AppData\Local\{B5508A55-6708-4A96-BEE0-6304D447BA1E}
DELETE Folder: C:\Users\windows 7\AppData\Local\{BB4BDC01-543C-428F-B232-C452F1FEB567}
DELETE Folder: C:\Users\windows 7\AppData\Local\{BB7C2D10-6096-4231-905C-03FAF475BB73}
DELETE Folder: C:\Users\windows 7\AppData\Local\{BC087849-892B-43C9-8D3F-4344F925F336}
DELETE Folder: C:\Users\windows 7\AppData\Local\{BC7C9768-E28A-4BC0-9273-763797B1D2DA}
DELETE Folder: C:\Users\windows 7\AppData\Local\{BE05067E-ACF7-4182-8EF4-818FEC7CD178}
DELETE Folder: C:\Users\windows 7\AppData\Local\{C7EF913C-F847-41AD-8CA8-FE7AC14B008D}
DELETE Folder: C:\Users\windows 7\AppData\Local\{CA824AC7-1525-49A2-9640-1F1AE014FB7C}
DELETE Folder: C:\Users\windows 7\AppData\Local\{CD8DE25C-2CAC-4434-A692-D4C716004A32}
DELETE Folder: C:\Users\windows 7\AppData\Local\{D13F19D7-D54E-4DA1-AD99-B6E5A224F0FC}
DELETE Folder: C:\Users\windows 7\AppData\Local\{D444540E-9C3A-4882-B766-3F9C5FF89A62}
DELETE Folder: C:\Users\windows 7\AppData\Local\{D4737315-9B7D-4805-84E4-362B2ED5A3FB}
DELETE Folder: C:\Users\windows 7\AppData\Local\{D93A3130-007D-492A-87F1-2D9A8E14BE85}
DELETE Folder: C:\Users\windows 7\AppData\Local\{DD3D892D-6443-4694-83A9-DB0D620A1A17}
DELETE Folder: C:\Users\windows 7\AppData\Local\{DE212CC7-B50F-4888-BC2D-64B23A7739EE}
DELETE Folder: C:\Users\windows 7\AppData\Local\{E62DB85C-72B2-4FEF-9C73-5461FDC77459}
DELETE Folder: C:\Users\windows 7\AppData\Local\{E9C784D2-EC39-4FCA-8204-5BF8889A54AE}
DELETE Folder: C:\Users\windows 7\AppData\Local\{EA8600CA-0D06-44B8-A30E-C18B04BC351A}
DELETE Folder: C:\Users\windows 7\AppData\Local\{EEA63C95-C664-49E4-B854-3CA1983764EB}

========== File(s) ==========
DELETE File: c:\program files (x86)\mozilla firefox\searchplugins\imeshwebsearch.xml
DELETE Reboot c:\windows\system32\nvinitx.dll
DELETE File: c:\windows\tasks\imeshnag.job
ABSENT Folder/File: c:\users\windows 7\appdata\local\imesh
DELETE File: C:\Users\windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\2wo2gcz2.default\SearchPlugins\conduit.xml
ABSENT File: c:\users\windows 7\appdata\roaming\mozilla\firefox\profiles\2wo2gcz2.default\searchplugins\conduit.xml
DELETE Windows Temp:

========== Scheduled Task ==========
DELETE Task: iMeshNAG

========== Summary ==========
6 : Registry Key(s)
2 : Registry Value(s)
1 : Registry Data Element(s)
60 : Folder(s)
7 : File(s)
1 : Browser Preferences
1 : Scheduled Task

End of clean in 00mn 10s

========== Report file path ==========
C:\ZHP\ZHPFix[R1].txt - 06/06/2012 22:07:30 [7722]
Anonymous user
 
Hello,

great :D

move on to the next part of my previous message (MBAM) ;-)

Peace08
 
Hello!

I did a complete scan with MBAM but it didn't detect anything.
However, I still have the Trojan threat.

Is this normal?
Anonymous user
 
Good evening,

Who told you that you have a trojan?

A report?

Peace08
 
No more Norton alerts!

Thank you so much!!! :)
Anonymous user
 
Hello,
great :D

Continuation and end:

/!\ Attention:
more and more programs offer to install toolbars (pre-checked box), so don't forget to uncheck the corresponding boxes during installation.


* To remove the disinfection tools:

Download Delfix to your desktop:

https://www.commentcamarche.net/telecharger/securite/7111-delfix/

* Click on the "Remove" button and post its report in your next message.
** To uninstall it, simply relaunch it and click on the Uninstall button.

* Delete old system restore points after disinfection:

It is necessary to disable and then re-enable System Restore to purge it, as restore points may be infected:

For Windows 7:

https://www.commentcamarche.net/informatique/windows/147-restaurer-windows-avec-les-points-de-restauration/

Create a new system restore point; it can be useful :D

With that, happy surfing ;-)

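The closing advice above has two parts that can be done from a prompt instead of a wizard: check that no toolbar has put a search engine back, and purge System Restore before creating a fresh point. The PowerShell below is an added example and is not from the thread or from any of the tools it names. Get-FirefoxSearchState is my own check for the Firefox search-plugin folders and prefs.js entries the cleanup touched (conduit.xml and browser.search.defaulturl in the ZHPFix report); Reset-SystemRestore wraps the built-in cmdlets. It assumes the default Firefox profile location, Windows 7 and an elevated prompt. Disabling protection deletes every restore point on the drive, which is the intent of the post's "disable then re-enable" step, so call it only once you are satisfied the machine is clean.

```powershell
# Added example (not from the thread): post-cleanup checks for the steps above.
# Run from an elevated PowerShell on Windows 7; all cmdlets exist in PowerShell 2.0.

function Get-FirefoxSearchState {
    # Lists every search plugin and every search/homepage pref Firefox has, per profile
    # and in the program folder, so a re-added toolbar engine (Conduit, iMesh, ...) stands out.
    $dirs = @()
    $dirs += Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles" -ErrorAction SilentlyContinue |
                 Where-Object { $_.PSIsContainer } | ForEach-Object { $_.FullName }
    $dirs += "${env:ProgramFiles(x86)}\Mozilla Firefox", "$env:ProgramFiles\Mozilla Firefox"
    foreach ($dir in ($dirs | Where-Object { $_ })) {
        Get-ChildItem -Path (Join-Path $dir 'searchplugins') -Filter *.xml -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Element names are namespaced (os:ShortName) in Mozilla's plugin format and
                # plain in OpenSearch, so match on local-name() rather than the qualified name.
                try {
                    [xml]$x = Get-Content -Path $_.FullName
                    $n = $x.SelectSingleNode('//*[local-name()="ShortName"]')
                    $u = $x.SelectSingleNode('//*[local-name()="Url"]')
                    $name = if ($n) { $n.InnerText } else { '?' }
                    $url  = if ($u) { $u.GetAttribute('template') } else { '?' }
                } catch { $name = '(unparseable)'; $url = '' }
                'plugin  {0}  name="{1}"  queries {2}' -f $_.FullName, $name, $url
            }
        $prefs = Join-Path $dir 'prefs.js'
        if (Test-Path -Path $prefs) {
            # The hijack in the report lived in browser.search.defaulturl; the homepage and
            # keyword.URL prefs are the other ones toolbars rewrite.
            Select-String -Path $prefs -Pattern 'user_pref\("(browser\.search\.[^"]+|browser\.startup\.homepage|keyword\.URL)"' |
                ForEach-Object { "pref    $($_.Line)" }
        }
    }
}

function Reset-SystemRestore {
    param([string]$Drive = 'C:\',
          [string]$Label = 'Clean baseline after iMesh/Conduit removal')
    # Turning protection off discards every restore point on the drive (the post's
    # "disable, then re-enable" step); the new checkpoint becomes the clean baseline.
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description $Label -RestorePointType 'MODIFY_SETTINGS'
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
}

Get-FirefoxSearchState
# Reset-SystemRestore        # uncomment once you are satisfied the machine is clean
```

Any plugin whose template URL points at search.conduit.com, search.imesh.net or questscan.com, or any browser.search.defaulturl pref still present after the cleanup, means a toolbar installer has run again and the pre-checked box in the warning above was missed.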
tom
 
Hi, could you give me a hand, as I also have a trojan.gen.2?

Thanks.