Malware?

Guest

If I un-install XP n re-install it, will that get rid of my malware? (If
so, how do you un-install XP?) Reason why is, Ad-Aware found some on a reason
check but I can't delete it cuz Ad-Aware keeps freezing up. I have tried 5
times now. I'm also running Microsoft Anti-spyware, Spy-bot, Trend Micro and
AntiVir. If I do un-install XP, what will I lose? Thank you for your time.
 
David H. Lipman

From: "Corrosion13" <[email protected]>

| If I un-install Xp n re-install it will that get rid of my malware?(if
| so.,how do you un-install XP) Reason why is,Ad-Aware found some on a reason
| check but I can't delete it cuz Ad-adware keeps freezing up.I have try 5
| times now.I'm also running Microsoft Anti-spyware,Spy-bot,Trend Micro and
| AntiVir..If I do un-install XP what will I lose?Thank-you for your time

Yes. However, if you got it once you'll get it again if you don't practice Safe Hex and
don't protect and secure the PC properly.
 
David H. Lipman

From: "Corrosion13" <[email protected]>

| OK...Can you plz tell me how to un-install Xp?Thank-you

I would but based upon your posts I don't think you have the capability to reinstall the OS
properly.
Therefore, I won't be the one to tell you how to wipe the hard disk and reinstall the OS
from scratch.

I am willing to assist you in removing the malware. However, you would need to supply as
much information as possible about what problems you are having, what you see and what
software you have used and their respective versions.
 
Guest

A full reinstall would indeed get rid of the problem. However this is a bit
like knocking down your house and rebuilding it when all you have is a broken
window.

Why not try to uninstall then reinstall adaware. It may then work better

There are other software ways if ad aware fails eg "spy bot search and
destroy"

Do you have a virus checker if not then get one and do a full scan (avg is
free)

Good luck
 
David H. Lipman

From: "mavermik98" <[email protected]>

| A full reinstall would indeed get rid of the problem.However this is a bit
| like knocking down your house and rebuilding it when all you have is a broken
| window.
|
| Why not try to uninstall then reinstall adaware. It may then work better
|
| There are other software ways if ad aware fails eg "spy bot search and
| destroy"
|
| Do you have a virus checker if not then get one and do a full scan (avg is
| free)
|
| Good luck
|

Removing Ad-aware and re-installing it will NOT make a difference unless it was an old
version such as Ad-aware 6 and was replaced by Ad-aware SE v1.06 (soon to be replaced by
Ad-aware 2006).
 
Guest

Do you mean wipe the malware clean off my system? Cuz I was here just before
x-mas and I followed your 11 helpful hints, but am still having problems with
Spy-axe. Ad-Aware wants to get rid of it but keeps freezing up just before it
deletes it. I just finished an Ad-Aware S.E. no ad scan and this is the name
of one of the objects that I can't delete:
"C:\\WINDOWS\system32\sol.exe:#5SummaryInformation"
 
David H. Lipman

From: "Corrosion13" <[email protected]>

| Do you mean wipe the malware clean off my system,cuz I was here just before
| x-mas and I followed your 11 helpful hints,but am still having problems with
| Spy-axe.Ad-Aware wants to get rid of it but keeps freezing up just before it
| deletes it.I just finished an Ad-Aware S.E. no ad scan and this is the name
| of one of the objects that I can't delete
| "C:\\WINDOWS\system32\sol.exe:#5SummaryInformation"

Chances are sol.exe is a virus.

The following should remove the virus and remove the Spyaxe



Two part reply..

Perform Part 1 then perform Part 2.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp




Use the alternate if the first two parts are ineffective...
Note: Alternate only for Win2K, WinXP and Win2003 Server

Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic36868.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.

Alternate:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *
 
Bruce Chambers

Corrosion13 said:
| If I un-install Xp n re-install it will that get rid of my malware?(if
| so.,how do you un-install XP) Reason why is,Ad-Aware found some on a reason
| check but I can't delete it cuz Ad-adware keeps freezing up.I have try 5
| times now.I'm also running Microsoft Anti-spyware,Spy-bot,Trend Micro and
| AntiVir..If I do un-install XP what will I lose?Thank-you for your time


The normal way to "uninstall" any operating system is to format
the hard drive and install a new OS of your choice.

After backing up or copying any important personal data files to a
CD or other removable storage media, simply boot from the WinXP
installation CD. You'll be offered the opportunity to delete, create,
and format partitions as part of the installation process. (You may need
to re-arrange the order of boot devices in the PC's BIOS to boot from
the CD.)

HOW TO Install Windows XP
http://support.microsoft.com/default.aspx?scid=KB;en-us;316941

http://www.michaelstevenstech.com/cleanxpinstall.html

http://www.webtree.ca/windowsxp/clean_install.htm


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Guest

Ok, I followed your instructions and used the noahdfear's and all that
bleepingcomputer.com told me to do and still I can't delete
"C:\\WINDOWS\system32\sol.exe:#5SummaryInformation" from my Ad-Aware. I have
the updated version of java-soft. What should I do now? Thank you.
 
cquirke (MVP Windows shell/user)

From: "mavermik98" <[email protected]>
| A full reinstall would indeed get rid of the problem.However this is a bit
| like knocking down your house and rebuilding it when all you have is a broken
| window.

Plus, you'd likely get it again. See...

http://cquirke.mvps.org/reinst.htm

Your PC may be considerably easier to (re-)infect after you "just"
wipe and rebuild, especially if your XP CD pre-dates SP2.

| Why not try to uninstall then reinstall adaware. It may then work better

| removing Ad-aware and re-installing it will NOT make a difference unless it was an old
| version such as Ad-aware 6 and was replaced by Ad-aware SE v1.06 (soon to be replaced by
| Ad-aware 2006).

It might, if bad exits etc. had corrupted the original AdAware file
set. The general tone of these posts suggests this is quite a likely
scenario, given the detail-free escalation to "just wipe and rebuild".

| There are other software ways if ad aware fails eg "spy bot search and
| destroy" Do you have a virus checker if not then get one and do a full
| scan (avg is free)

There are plenty of ways to detect and manage malware; methods that
are easy but rely on the malware allowing itself to be removed without
fighting back, to others that work but require effort and insight.

The more details you can provide, the better we can help you, as per
the GIGO (Garbage In, Garbage Out) principle. Starting with: What was
the name of the malware that AdAware detected?


---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
 
cquirke (MVP Windows shell/user)

From: "Corrosion13" <[email protected]>
| .I just finished an Ad-Aware S.E. no ad scan and this is the name
| of one of the objects that I can't delete
| "C:\\WINDOWS\system32\sol.exe:#5SummaryInformation"

| Chances are sol.exe is a virus.

No, I think it's more subtle than that - check the syntax...

C:\\WINDOWS\system32 = the path, but why the \\?

sol.exe = file name, which is correct for that path... BUT...

sol.exe:#5SummaryInformation = an ADS attached to the file

I've seen this form of infection fairly often in the last 6 months,
often with masses (hundreds) of malware ADS added to existing,
legitimate files, such as System.ini - and involving multiple
different malware, i.e. it's not just one baddie that does this.

My tool of choice here would be AntiVir 6, which I would run from Bart
CDR boot. The statistics for one particular case were like this...

F-Prot Win32 CLI scanner (report only): Finds 134 malware
McAfee Win32 CLI scanner (report only): Finds 115 malware
Trend SysClean scan and clean: Finds 100 malware, cleans all
McAfee Stinger scan and clean: Finds 1 malware, cleans
AntiVir 6 scan and clean: Finds 388 malware, cleans all

You can also use the ADS manager integrated into HiJackThis to clean
off all non-standard ADS. I'd make a HiJackThis log at the same time,
and submit that to any of several forums dedicated to interpreting
such logs and providing guided advice on what is found.

I rarely see ADS infectors, not because they are not common, but
because few of my users' systems use NTFS. No NTFS, no ADS.


---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
 
David H. Lipman

From: "Corrosion13" <[email protected]>

| Ok I followed your instructions and used the noahdfear's and all that
| bleepingcomputer.com told me to do and still I can't delete
| "C:\\WINDOWS\system32\sol.exe:#5SummaryInformation" from my Ad-Aware.I have
| the updated version of java-soft.What should I do now??thank-you
|


Download Pocket KillBox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Extract KillBox.exe from KillBox.zip

Execute; KillBox.exe

Click on Tools --> Select; Delete Temp Files.

Choose; OK

C:\WINDOWS\system32\sol.exe

Select; Replace on Reboot
put a check in the box "Use Dummy"
Click The Red circle and a white X
When prompted to Replace on Reboot, click YES
If prompted to Reboot Now, Click YES

Allow the PC to shutdown and then reboot into Safe Mode.

Run the scanners again.
 
Guest

OK, I ran the pocket killbox and now when I run an ad scan with Ad-Aware, the
infected file comes up as this: "C:\SYSTEM Volume
Information\_Restore(20E31F6F-0F52-4F6C-BDAE-510593AEA0D8)\RP6\A0000630.EXE:#5SummaryInformation". There's
2 files like this, both exact same. There's also another file now, that came with
"killbox": "C:\KILLBOX\sol.exe:#5SummaryInformation". Can or if killbox is
deleted with this get rid of that file? Is there any other solution to get rid
of this malware? I can't seem to delete these files with Ad-Aware or even
quarantine, because Ad-Aware freezes. Thank you David for your help and
support!
 
David H. Lipman

From: "Corrosion13" <[email protected]>

| OK,I ran the pocket killbox and now when I run an ad scan with Ad-Aware, the
| infected file comes up as this "C:\SYSTEM Volume
| Information\_Restore(20E31F6F-0F52-4F6C-BDAE-510593AEA0D8)\RP6\A0000630.EXE:#5SummaryInformation".
| There's 2 files like this both exact same.There's also aother file now,that came
| with "killbox" "C:\KILLBOX\sol.exe:#5SummaryInformation".Can or if killbox is
| deleted with this get rid of that file?Is there any other solution to get rid
| of this malware?I can't seem to delete these files with Ad-Aware or even
| quarantine, because Ad-Aware freezes.Thank-you David for your help and
| support!

The following is the System Restore cache.
C:\SYSTEM Volume Information\_Restore

To remove it, disable the System Restore cache. Reboot the PC.
Re-enable the System Restore cache and then create a new restore point.

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
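
An added example, not posted by anyone in this thread: a small Python parser for the object names Ad-Aware reported above, following cquirke's breakdown of path, file name and ADS, and David H. Lipman's note about the System Restore cache. The function names and the "live" / "system-restore" labels are assumptions made for illustration, and stream names are kept exactly as the scanner printed them.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

class ScanHit(NamedTuple):
    host_file: str          # file the detection is attached to
    stream: Optional[str]   # ADS name, or None when the hit is the file's main data
    location: str           # "system-restore" or "live" (labels assumed here)

# System Restore copies live under "System Volume Information\_Restore{GUID}\RPn\".
# The log quoted in the thread shows the GUID in parentheses, so both are accepted.
_RESTORE = re.compile(
    r"\\system volume information\\_restore[({][0-9a-f-]+[)}]\\rp\d+\\", re.I)

def parse_hit(reported: str) -> ScanHit:
    """Split a scanner-reported object name into host file and stream name."""
    path = reported.strip().strip('"')
    # Collapse doubled separators ("C:\\WINDOWS") but keep a leading UNC "\\".
    path = path[:2] + re.sub(r"\\{2,}", r"\\", path[2:])
    # Skip the drive letter's own colon; the next colon starts the stream name.
    start = 2 if re.match(r"[A-Za-z]:", path) else 0
    idx = path.find(":", start)
    host, stream = (path, "") if idx == -1 else (path[:idx], path[idx + 1:])
    if stream.upper().endswith(":$DATA"):   # explicit stream-type suffix
        stream = stream[:-len(":$DATA")]
    location = "system-restore" if _RESTORE.search(host) else "live"
    return ScanHit(host, stream or None, location)

def group_by_stream(reported_lines):
    """Map each stream name to the (location, host file) pairs carrying it."""
    groups = defaultdict(list)
    for line in reported_lines:
        hit = parse_hit(line)
        if hit.stream:
            groups[hit.stream].append((hit.location, hit.host_file))
    return dict(groups)

# Object names as quoted in this thread (wrapped lines rejoined with a space).
THREAD_HITS = [
    r'"C:\\WINDOWS\system32\sol.exe:#5SummaryInformation"',
    r'"C:\SYSTEM Volume Information\_Restore(20E31F6F-0F52-4F6C-BDAE-510593AEA0D8)'
    r'\RP6\A0000630.EXE:#5SummaryInformation"',
    r'"C:\KILLBOX\sol.exe:#5SummaryInformation"',
]

if __name__ == "__main__":
    for stream, carriers in group_by_stream(THREAD_HITS).items():
        print(stream, carriers)
```

Grouping by stream name shows that all three reports are the same stream travelling with copies of one file: the live file, its System Restore copy and the KillBox backup.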
 
