Spyware file: sqlbkup.exe

[Guest]

Hello all,
I just ran the Microsoft AntiSpyware program, but I still have
two forms of spyware apparently. One window keeps coming up as "Freeprod.com"
and tries to install itself whenever the computer is brought up. The other
file, sqlbkup.exe, has been on my computer since Monday and I know for a fact
this is a virus of some sort due to it not wanting to be deleted. Any help
would be greatly appreciated!

 

[Dave M]

I'm not getting any google hits on either, but Anti-Spyware does not generally
detect computer viruses.
Try sending sqlbkup.exe to both these sites for a multi-scanner analysis:

http://virusscan.jotti.org/
http://www.virustotal.com/flash/index_en.html

Let us know what you find out.

 

[Guest]

Thanks for the help. Here are the various files and the results from jotti:

Service load:
0% 100%
File: mc-12.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this
file's scan results will not be stored in the database)
MD5 dbf15e8f4e797dfbfce798e54ce47151
Packers detected:
-
Scanner results
AntiVir
Found Adware-Spyware/Maxifiles.M adware
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found Trojan.Downloader.MathCash.A
ClamAV
Found nothing
Dr.Web
Found Trojan.DownLoader.4844
F-Prot Antivirus
Found nothing
Fortinet
Found Dloader.FL-tr
Kaspersky Anti-Virus
Found not-a-virus:AdWare.Win32.Maxifiles.u
NOD32
Found nothing
Norman Virus Control
Found Maxifiles.E
UNA
Found Adware.Maxifiles
VBA32
Found AdWare.Win32.Maxifiles.u



Service load:
0% 100%
File: SQLBKUP.EXE-1B67DF51.pf
Status:
OK
MD5 e4717609f94e61e49f65fd350f821f5e
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing


Service
Service load:
0% 100%
File: freeprod.dll
Status:
INFECTED/MALWARE
MD5 b1f3b339ab82214c0d02ac8603638203
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found Generic.GYN
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found Adware/Softomate
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found W32/Softomate.G
UNA
Found nothing
VBA32
Found nothing


That is what I have recieved so far. I KNOW the sqlbkup is a virus. I
recieved it through AOL Instant Messanger if that is any help.

 

[Guest]

I just used the other link for the sqlbkup file and this is what I got. It
does not want to delete itself, I got this in the Prefetch folder since it's
the only place I can find this file.

This is a report processed by VirusTotal on 12/29/2005 at 03:39:04 (CET)
after scanning the file "SQLBKUP.EXE-1B67DF51.pf" file.

Antivirus Version Update Result
AntiVir 6.33.0.70 12.28.2005 no virus found
Avast 4.6.695.0 12.28.2005 no virus found
AVG 718 12.29.2005 no virus found
Avira 6.33.0.70 12.28.2005 no virus found
BitDefender 7.2 12.28.2005 no virus found
CAT-QuickHeal 8.00 12.28.2005 no virus found
ClamAV devel-20051108 12.29.2005 no virus found
DrWeb 4.33 12.28.2005 no virus found
eTrust-Iris 7.1.194.0 12.29.2005 no virus found
eTrust-Vet 12.4.1.0 12.28.2005 no virus found
Ewido 3.5 12.29.2005 no virus found
Fortinet 2.54.0.0 12.29.2005 no virus found
F-Prot 3.16c 12.29.2005 no virus found
Ikarus 0.2.59.0 12.28.2005 no virus found
Kaspersky 4.0.2.24 12.29.2005 no virus found
McAfee 4661 12.28.2005 no virus found
NOD32v2 1.1343 12.28.2005 no virus found
Norman 5.70.10 12.28.2005 no virus found
Panda 8.02.00 12.28.2005 no virus found
Sophos 4.01.0 12.28.2005 no virus found
Symantec 8.0 12.29.2005 no virus found
TheHacker 5.9.1.063 12.28.2005 no virus found
UNA 1.83 12.28.2005 no virus found
VBA32 3.10.5 12.28.2005 no virus found

 

[Dave M]

....actually I did find freeprod.com finally.

127.0.0.1 freeprod.com #[IE-SpyAd]
127.0.0.1 www.freeprod.com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents downloads
from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

 

[Guest]

Thank you so much for the help. I have downloaded the hosts file, now what do
I have to do to run it and then how do I use the 127.0.0.1 freeprod.com
#[IE-SpyAd] and the 127.0.0.1 www.freeprod.com? This is my first time using
this.

 

[Dave M]

....geesh, don't click on the post link to w w w freeprod com, sorry about
posting it that way... it's gonna give you some drive by download probably like
sephiroth61787 has if you go there.

Hi sephiroth61787;

Try running the jotti one also... it could be either very new or non-malignant,
but you did take a malignant download from freeprod it looks like. Does MSAS
pick anything up? How about your Anti-virus? Do a full deep scan with updated
definitions on both
--
Regards, Dave

...actually I did find freeprod.com finally.

127.0.0.1 freeprod.com #[IE-SpyAd]
127.0.0.1 w w w freeprod com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Hello all,
I just ran the Microsoft AntiSpyware program, but I still have
two forms of spyware apparently. One window keeps coming up as "Freeprod.com"
and tries to install itself whenever the computer is brought up. The other
file, sqlbkup.exe, has been on my computer since Monday and I know for a fact
this is a virus of some sort due to it not wanting to be deleted. Any help
would be greatly appreciated!

 

[Dave M]

The idea is that you replace your current hosts file (which probably now
contains one default Microsoft entry... 127.0.0.1 localhost) with that
protective hosts file which is a maintained updated blacklist of malicious
sites, and If you get hosts updates from multiple sources they will have to be
merged as mentioned on the mvps site using a program like Hostsman. I suggest
you do this later, it takes some time to understand the technique as described
on MVPS.org but it will be there for you in the future. It's strictly a
pro-active measure, and won't fix what you already have now. Get rid of the
immediate problem first.

Have you run Jotti, and full virus and spyware scans? That's the first step to
eliminate this, we need to identify what exactly it is. (virus, spyware, or
trojan) Virustotal showed us nothing so far.

--
Regards, Dave

Thank you so much for the help. I have downloaded the hosts file, now what do
I have to do to run it and then how do I use the 127.0.0.1 freeprod.com
#[IE-SpyAd] and the 127.0.0.1 www.freeprod.com? This is my first time using
this.

....actually I did find freeprod.com finally.

127.0.0.1 freeprod.com
127.0.0.1 www.freeprod.com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

 

[Dave M]

Since the only place your finding that file is in prefetch you can clean that
out with no problem... it will be rebuilt on the fly:

From Engle:
Reboot to Safe Mode

Please ensure you are doing this under a Administrator accºunt

Clear prefetch files by going to Start menu and Run and typing

prefetch

and then click OK.

More info on getting to Safe Boot Mode:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

More info on cleaning prefetch:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
--
Regards, Dave

The idea is that you replace your current hosts file (which probably now
contains one default Microsoft entry... 127.0.0.1 localhost) with that
protective hosts file which is a maintained updated blacklist of malicious
sites, and If you get hosts updates from multiple sources they will have to be
merged as mentioned on the mvps site using a program like Hostsman. I suggest
you do this later, it takes some time to understand the technique as described
on MVPS.org but it will be there for you in the future. It's strictly a
pro-active measure, and won't fix what you already have now. Get rid of the
immediate problem first.

Have you run Jotti, and full virus and spyware scans? That's the first step
to eliminate this, we need to identify what exactly it is. (virus, spyware, or
trojan) Virustotal showed us nothing so far.

Thank you so much for the help. I have downloaded the hosts file, now what do
I have to do to run it and then how do I use the 127.0.0.1 freeprod.com
#[IE-SpyAd] and the 127.0.0.1 www.freeprod.com? This is my first time using
this.

....actually I did find freeprod.com finally.

127.0.0.1 freeprod.com
127.0.0.1 www.freeprod.com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
--
Regards, Dave


sephiroth61787 wrote:
Hello all,
I just ran the Microsoft AntiSpyware program, but I still have
two forms of spyware apparently. One window keeps coming up as
"Freeprod.com" and tries to install itself whenever the computer is brought
up. The other file, sqlbkup.exe, has been on my computer since Monday and I
know for a fact this is a virus of some sort due to it not wanting to be
deleted. Any help would be greatly appreciated!

 

[Guest]

All right, the Jotti thing was already run and unless it has some way to
remove the file, then I can't find it. I've deleted those other two files
with no problem, but the Sqlbkup.exe is still in System Processes when I do
Control+ALT+Del. It says its being run by the system. I've deleted the
Prefetch file countless times and it keep scoming back. I'll try safe mode
once more and hopefully, it works.

 

[Guest]

Deleting the sqlbkup in Prefetch when the computer is in safe mode (admin
mode) did not work. Something is causing this file to be brought up when the
computer starts up and I can't discover the file name so I can delete the
source. The "Freeprod" seems to be gone and that's good, but I can't seem to
get rid of sqlbkup. This may be known as a "buddy virus" if that helps since
I was on AIM when I got it.

 

[Dave M]

OK got both your multi-scanner reports now. You have quite a load there.
I'm not sure of what MSAS has detected for you but has been unable to remove so
far. So give it a chance, most of that stuff your seeing is Adware.

In order to remove as much as possible I think you should clean your system,
delete prefetch files, and run both your Anti-Virus and Anti-Spyware scans from
Safe Boot mode. You do have an Anti-Virus right?

Update your Anti-Virus and Anti-Spyware definitions (MSAS was having some update
problems but it should be settled out soon)

Download and install Ccleªner (from Engle)
http://www.ccleaner.com/ccdownload.asp

Reboot to Safe Mode

Please ensure you are doing this under a Administrator accºunt

Clear prefetch files by going to Start menu and Run and typing

prefetch

and then click OK.

Open Ccleaner and press "Run Cleaner" from the menu choose 'Issues' and then
press scan for issues, Repair any fºund.

Run an Anti-Virus full deep scan
Run a MSAS full deep scan repeatedly until nothing is detected on your system or
three full cycles of scanning complete.

Reboot back to Normal Mode.

Let us know if any problems still exist and what was cleaned by MSAS and the A-V
scans.
--
Regards, Dave

...geesh, don't click on the post link to w w w freeprod com, sorry about
posting it that way... it's gonna give you some drive by download probably
like sephiroth61787 has if you go there.

Hi sephiroth61787;

Try running the jotti one also... it could be either very new or
non-malignant, but you did take a malignant download from freeprod it looks
like. Does MSAS pick anything up? How about your Anti-virus? Do a full
deep scan with updated definitions on both

...actually I did find freeprod.com finally.

127.0.0.1 freeprod.com #[IE-SpyAd]
127.0.0.1 w w w freeprod com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Hello all,
I just ran the Microsoft AntiSpyware program, but I still have
two forms of spyware apparently. One window keeps coming up as
"Freeprod.com" and tries to install itself whenever the computer is brought
up. The other file, sqlbkup.exe, has been on my computer since Monday and I
know for a fact this is a virus of some sort due to it not wanting to be
deleted. Any help would be greatly appreciated!

 

[Guest]

I think the problem is I don't have any Anti-Virus programs, they're all
anti-spyware. Where am I able to find an Anti-Virus? Most of the adware is
gone as far as I can tell (MSAS did an awesome job getting rid of it). I
found out the other files and deleted them manually (such as the one causing
the freeprod). So the only thing I need apparently is the Anti-Virus and then
I will get to work on getting rid of this for good.

OK got both your multi-scanner reports now. You have quite a load there.
I'm not sure of what MSAS has detected for you but has been unable to remove so
far. So give it a chance, most of that stuff your seeing is Adware.

In order to remove as much as possible I think you should clean your system,
delete prefetch files, and run both your Anti-Virus and Anti-Spyware scans from
Safe Boot mode. You do have an Anti-Virus right?

Update your Anti-Virus and Anti-Spyware definitions (MSAS was having some update
problems but it should be settled out soon)

Download and install Ccleªner (from Engle)
http://www.ccleaner.com/ccdownload.asp

Reboot to Safe Mode

Please ensure you are doing this under a Administrator accºunt

Clear prefetch files by going to Start menu and Run and typing

prefetch

and then click OK.

Open Ccleaner and press "Run Cleaner" from the menu choose 'Issues' and then
press scan for issues, Repair any fºund.

Run an Anti-Virus full deep scan
Run a MSAS full deep scan repeatedly until nothing is detected on your system or
three full cycles of scanning complete.

Reboot back to Normal Mode.

Let us know if any problems still exist and what was cleaned by MSAS and the A-V
scans.
--
Regards, Dave

...geesh, don't click on the post link to w w w freeprod com, sorry about
posting it that way... it's gonna give you some drive by download probably
like sephiroth61787 has if you go there.

Hi sephiroth61787;

Try running the jotti one also... it could be either very new or
non-malignant, but you did take a malignant download from freeprod it looks
like. Does MSAS pick anything up? How about your Anti-virus? Do a full
deep scan with updated definitions on both

...actually I did find freeprod.com finally.

127.0.0.1 freeprod.com #[IE-SpyAd]
127.0.0.1 w w w freeprod com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

sephiroth61787 wrote:
Hello all,
I just ran the Microsoft AntiSpyware program, but I still have
two forms of spyware apparently. One window keeps coming up as
"Freeprod.com" and tries to install itself whenever the computer is brought
up. The other file, sqlbkup.exe, has been on my computer since Monday and I
know for a fact this is a virus of some sort due to it not wanting to be
deleted. Any help would be greatly appreciated!

 

[Dave M]

I'm afraid that just deleting the files won't completely do it for you... these
guys are quite intelligent and just a delete is not going to remove the problem
completely. Follow the clean first, then scan steps... don't try to do
everything manually.

 

[Dave M]

OK... Yes, you need an Anti-Virus, but there are free scans available on the
internet too, anytime you need just an AV scan without ongoing protection.

Try this Microsoft one, although you'll not be able to run it in Safe boot mode
since it's an online scan, but better than nothing at the moment:

www.safety.live


--
Regards, Dave

I think the problem is I don't have any Anti-Virus programs, they're all
anti-spyware. Where am I able to find an Anti-Virus? Most of the adware is
gone as far as I can tell (MSAS did an awesome job getting rid of it). I
found out the other files and deleted them manually (such as the one causing
the freeprod). So the only thing I need apparently is the Anti-Virus and then
I will get to work on getting rid of this for good.

OK got both your multi-scanner reports now. You have quite a load there.
I'm not sure of what MSAS has detected for you but has been unable to remove
so far. So give it a chance, most of that stuff your seeing is Adware.

In order to remove as much as possible I think you should clean your system,
delete prefetch files, and run both your Anti-Virus and Anti-Spyware scans
from Safe Boot mode. You do have an Anti-Virus right?

Update your Anti-Virus and Anti-Spyware definitions (MSAS was having some
update problems but it should be settled out soon)

Download and install Ccleªner (from Engle)
http://www.ccleaner.com/ccdownload.asp

Reboot to Safe Mode

Please ensure you are doing this under a Administrator accºunt

Clear prefetch files by going to Start menu and Run and typing

prefetch

and then click OK.

Open Ccleaner and press "Run Cleaner" from the menu choose 'Issues' and then
press scan for issues, Repair any fºund.

Run an Anti-Virus full deep scan
Run a MSAS full deep scan repeatedly until nothing is detected on your
system or three full cycles of scanning complete.

Reboot back to Normal Mode.

Let us know if any problems still exist and what was cleaned by MSAS and the
A-V scans.
--
Regards, Dave

...geesh, don't click on the post link to w w w freeprod com, sorry about
posting it that way... it's gonna give you some drive by download probably
like sephiroth61787 has if you go there.

Hi sephiroth61787;

Try running the jotti one also... it could be either very new or
non-malignant, but you did take a malignant download from freeprod it looks
like. Does MSAS pick anything up? How about your Anti-virus? Do a full
deep scan with updated definitions on both

Dave M wrote:
...actually I did find freeprod.com finally.

127.0.0.1 freeprod.com #[IE-SpyAd]
127.0.0.1 w w w freeprod com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

sephiroth61787 wrote:
Hello all,
I just ran the Microsoft AntiSpyware program, but I still
have two forms of spyware apparently. One window keeps coming up as
"Freeprod.com" and tries to install itself whenever the computer is
brought up. The other file, sqlbkup.exe, has been on my computer since
Monday and I know for a fact this is a virus of some sort due to it not
wanting to be deleted. Any help would be greatly appreciated!

 

[Dave M]

oh I see from Bill Sanderson you can run it in Safe if you enable networking...
maybe a bit much for you at this point though...

www.safety.live

Click on Protection in the left column, and do a Protection Scan.

For best results on an infected system, do this in safe mode with
networking. This is safe to do behind either a router or hardware firewall,
or when using the Windows firewall. I'm not sure what third-party software
firewalls are active in safe mode.

--
Regards, Dave

I think the problem is I don't have any Anti-Virus programs, they're all
anti-spyware. Where am I able to find an Anti-Virus? Most of the adware is
gone as far as I can tell (MSAS did an awesome job getting rid of it). I
found out the other files and deleted them manually (such as the one causing
the freeprod). So the only thing I need apparently is the Anti-Virus and then
I will get to work on getting rid of this for good.

OK got both your multi-scanner reports now. You have quite a load there.
I'm not sure of what MSAS has detected for you but has been unable to remove
so far. So give it a chance, most of that stuff your seeing is Adware.

In order to remove as much as possible I think you should clean your system,
delete prefetch files, and run both your Anti-Virus and Anti-Spyware scans
from Safe Boot mode. You do have an Anti-Virus right?

Update your Anti-Virus and Anti-Spyware definitions (MSAS was having some
update problems but it should be settled out soon)

Download and install Ccleªner (from Engle)
http://www.ccleaner.com/ccdownload.asp

Reboot to Safe Mode

Please ensure you are doing this under a Administrator accºunt

Clear prefetch files by going to Start menu and Run and typing

prefetch

and then click OK.

Open Ccleaner and press "Run Cleaner" from the menu choose 'Issues' and then
press scan for issues, Repair any fºund.

Run an Anti-Virus full deep scan
Run a MSAS full deep scan repeatedly until nothing is detected on your
system or three full cycles of scanning complete.

Reboot back to Normal Mode.

Let us know if any problems still exist and what was cleaned by MSAS and the
A-V scans.
--
Regards, Dave

...geesh, don't click on the post link to w w w freeprod com, sorry about
posting it that way... it's gonna give you some drive by download probably
like sephiroth61787 has if you go there.

Hi sephiroth61787;

Try running the jotti one also... it could be either very new or
non-malignant, but you did take a malignant download from freeprod it looks
like. Does MSAS pick anything up? How about your Anti-virus? Do a full
deep scan with updated definitions on both

Dave M wrote:
...actually I did find freeprod.com finally.

127.0.0.1 freeprod.com #[IE-SpyAd]
127.0.0.1 w w w freeprod com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

sephiroth61787 wrote:
Hello all,
I just ran the Microsoft AntiSpyware program, but I still
have two forms of spyware apparently. One window keeps coming up as
"Freeprod.com" and tries to install itself whenever the computer is
brought up. The other file, sqlbkup.exe, has been on my computer since
Monday and I know for a fact this is a virus of some sort due to it not
wanting to be deleted. Any help would be greatly appreciated!

 

[Dave M]

here's a better URL that one isn't working for me anyway...

http://safety.live.com/site/en-US/default.htm

 

[Guest]

So far, the link you provided has picked up 8 viruses. I'm going to let it
run the night because it seems as if it won't be done anytime soon. Thanks
once again for all the help and I will update the thread in the morning.

OK... Yes, you need an Anti-Virus, but there are free scans available on the
internet too, anytime you need just an AV scan without ongoing protection.

Try this Microsoft one, although you'll not be able to run it in Safe boot mode
since it's an online scan, but better than nothing at the moment:

www.safety.live


--
Regards, Dave

I think the problem is I don't have any Anti-Virus programs, they're all
anti-spyware. Where am I able to find an Anti-Virus? Most of the adware is
gone as far as I can tell (MSAS did an awesome job getting rid of it). I
found out the other files and deleted them manually (such as the one causing
the freeprod). So the only thing I need apparently is the Anti-Virus and then
I will get to work on getting rid of this for good.

OK got both your multi-scanner reports now. You have quite a load there.
I'm not sure of what MSAS has detected for you but has been unable to remove
so far. So give it a chance, most of that stuff your seeing is Adware.

In order to remove as much as possible I think you should clean your system,
delete prefetch files, and run both your Anti-Virus and Anti-Spyware scans
from Safe Boot mode. You do have an Anti-Virus right?

Update your Anti-Virus and Anti-Spyware definitions (MSAS was having some
update problems but it should be settled out soon)

Download and install Ccleªner (from Engle)
http://www.ccleaner.com/ccdownload.asp

Reboot to Safe Mode

Please ensure you are doing this under a Administrator accºunt

Clear prefetch files by going to Start menu and Run and typing

prefetch

and then click OK.

Open Ccleaner and press "Run Cleaner" from the menu choose 'Issues' and then
press scan for issues, Repair any fºund.

Run an Anti-Virus full deep scan
Run a MSAS full deep scan repeatedly until nothing is detected on your
system or three full cycles of scanning complete.

Reboot back to Normal Mode.

Let us know if any problems still exist and what was cleaned by MSAS and the
A-V scans.
--
Regards, Dave


Dave M wrote:
...geesh, don't click on the post link to w w w freeprod com, sorry about
posting it that way... it's gonna give you some drive by download probably
like sephiroth61787 has if you go there.

Hi sephiroth61787;

Try running the jotti one also... it could be either very new or
non-malignant, but you did take a malignant download from freeprod it looks
like. Does MSAS pick anything up? How about your Anti-virus? Do a full
deep scan with updated definitions on both

Dave M wrote:
...actually I did find freeprod.com finally.

127.0.0.1 freeprod.com #[IE-SpyAd]
127.0.0.1 w w w freeprod com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

sephiroth61787 wrote:
Hello all,
I just ran the Microsoft AntiSpyware program, but I still
have two forms of spyware apparently. One window keeps coming up as
"Freeprod.com" and tries to install itself whenever the computer is
brought up. The other file, sqlbkup.exe, has been on my computer since
Monday and I know for a fact this is a virus of some sort due to it not
wanting to be deleted. Any help would be greatly appreciated!

 

[Frank Saunders, MS-MVP OE]

I think the problem is I don't have any Anti-Virus programs, they're
all anti-spyware. Where am I able to find an Anti-Virus? Most of the
adware is gone as far as I can tell (MSAS did an awesome job getting
rid of it). I found out the other files and deleted them manually
(such as the one causing the freeprod). So the only thing I need
apparently is the Anti-Virus and then I will get to work on getting
rid of this for good.

Get the free AVG:
http://free.grisoft.com/freeweb.php

--
Frank Saunders, MS-MVP OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[Guest]

Hello,

This is some of what you need.
http://wiki.castlecops.com/Roll_your_own_Free_Security_Suite

Engel

I think the problem is I don't have any Anti-Virus programs, they're all
anti-spyware. Where am I able to find an Anti-Virus? Most of the adware is
gone as far as I can tell (MSAS did an awesome job getting rid of it). I
found out the other files and deleted them manually (such as the one causing
the freeprod). So the only thing I need apparently is the Anti-Virus and then
I will get to work on getting rid of this for good.

OK got both your multi-scanner reports now. You have quite a load there.
I'm not sure of what MSAS has detected for you but has been unable to remove so
far. So give it a chance, most of that stuff your seeing is Adware.

In order to remove as much as possible I think you should clean your system,
delete prefetch files, and run both your Anti-Virus and Anti-Spyware scans from
Safe Boot mode. You do have an Anti-Virus right?

Update your Anti-Virus and Anti-Spyware definitions (MSAS was having some update
problems but it should be settled out soon)

Download and install Ccleªner (from Engle)
http://www.ccleaner.com/ccdownload.asp

Reboot to Safe Mode

Please ensure you are doing this under a Administrator accºunt

Clear prefetch files by going to Start menu and Run and typing

prefetch

and then click OK.

Open Ccleaner and press "Run Cleaner" from the menu choose 'Issues' and then
press scan for issues, Repair any fºund.

Run an Anti-Virus full deep scan
Run a MSAS full deep scan repeatedly until nothing is detected on your system or
three full cycles of scanning complete.

Reboot back to Normal Mode.

Let us know if any problems still exist and what was cleaned by MSAS and the A-V
scans.
--
Regards, Dave

...geesh, don't click on the post link to w w w freeprod com, sorry about
posting it that way... it's gonna give you some drive by download probably
like sephiroth61787 has if you go there.

Hi sephiroth61787;

Try running the jotti one also... it could be either very new or
non-malignant, but you did take a malignant download from freeprod it looks
like. Does MSAS pick anything up? How about your Anti-virus? Do a full
deep scan with updated definitions on both

Dave M wrote:
...actually I did find freeprod.com finally.

127.0.0.1 freeprod.com #[IE-SpyAd]
127.0.0.1 w w w freeprod com
http://www.mvps.org/winhelp2002/hosts.txt

You might be interested in the Hosts file from mvps.org that prevents
downloads from malware sites such as this.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

sephiroth61787 wrote:
Hello all,
I just ran the Microsoft AntiSpyware program, but I still have
two forms of spyware apparently. One window keeps coming up as
"Freeprod.com" and tries to install itself whenever the computer is brought
up. The other file, sqlbkup.exe, has been on my computer since Monday and I
know for a fact this is a virus of some sort due to it not wanting to be
deleted. Any help would be greatly appreciated!