BostonBill said:
I searched and found this in registry:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="lolx.exe"
"001"="worm.exe"
"002"="yIrwrs.exe"
"003"="DCOMX"
"004"="DCOMX.EXE "
"005"="sh33w32"
"006"="sh33w"
"007"="ylrwrs.exe"
"008"="sp4"
"009"="TFTPD.EXE"
"010"="bookmark"
"011"="desk"
"012"="note"
None of the methods suggested found any of it, or the scanners; I tried 3
or 4 of them....
Seems like the scanners' protection must be pretty lame really.
I deleted this section but I can't find the files. I am seeing my
machine trying to contact a remote through svchost and a remote that is
trying to connect to mine.
Pretty convinced it's the issue; have it stopped with firewall.
All the info I read and tried really did not find the actual problems,
or there are no references to this ylrwrs.exe on all of the net I
found.
REAL PAIN IN A
guess you can't trust scanners huh
No, it is rather that you aren't that skilled in removing viruses and
malware. The registry entries above are in the Most Recently Used
section. The scanners that Dave suggested you download and run are only
the *first* step in cleaning an infected computer. They enable you to
install a full-featured antivirus program, update its definitions, and
do a complete scan in Safe Mode. The scanners are not there to "protect
you". You need to use an installed antivirus for that. A good one is
EZ-AV from www.my-etrust.com. You also need to continue your computer
cleanup by removing non-viral malware as well.
Here are general malware removal steps; all initial scans should be done
in Safe Mode:
1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions;
2) remove spyware with Spybot Search & Destroy
(www.safer-networking.org) and Ad-aware (www.lavasoftusa.com). These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from
http://www.intermute.com/spysubtract/cwshredder_download.html. I would
not install the other Intermute programs, however. Alternately, there
are CoolWebSearch malware removal steps at
http://www.silentrunners.org/sr_cwsremoval.html. A combination of
HijackThis and About:Buster (http://www.majorgeeks.com) works well in
removing homepage hijackers. Always read the instructions before
running a spyware removal tool. Be sure to update these programs before
running, and it is a good idea to do virus/spyware scans in Safe Mode.
Make sure you are able to see all hidden files and extensions (View tab
in Folder Options);
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update;
5) run a firewall.
Malke
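
The reply's point that the quoted entries sit in a Most Recently Used key can be checked mechanically when triaging a registry export. The following is an added example, not part of the original thread: Python that parses .reg export text and separates MRU history keys from Run autostart keys. The Run entry, the sample text and all function names are constructed for illustration.

```python
import re

# Constructed sample in .reg export form. The MRU key and three of its values
# are the ones quoted in the thread; the Run entry is invented for contrast.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="lolx.exe"
"001"="worm.exe"
"009"="TFTPD.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Example\\updater.exe"
'''

# MRU keys record what a user recently entered or opened; they launch nothing.
# Run/RunOnce keys start the listed programs at logon.
HISTORY = re.compile(r'MRU[^\\]*$', re.I)
AUTOSTART = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values in .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE.match(line)
            if m:  # .reg files escape backslashes inside string data
                current[m.group(1)] = m.group(2).replace('\\\\', '\\')
    return keys

def classify(key_path):
    """Label a key by what its presence means for cleanup."""
    if AUTOSTART.search(key_path):
        return 'autostart'   # something will execute: investigate the target
    if HISTORY.search(key_path):
        return 'history'     # a record of names, not proof a file exists
    return 'other'

def triage(text):
    """List (label, leaf key name, sorted data) for every key in the export."""
    return [(classify(k), k.rsplit('\\', 1)[-1], sorted(v.values()))
            for k, v in parse_reg(text).items()]

if __name__ == '__main__':
    for kind, leaf, data in triage(SAMPLE_REG):
        print(f'{kind:9} {leaf:14} {data}')
```
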