Can Not Delete!!!!

Discussion in 'System Security & Infection Support' started by frankrizzo, Oct 29, 2004.

  1. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    Hi all, this is my first post......

    I started getting popups a few days ago.... I dont know where this came from noone who lives here will admit they did it... but I'm guessing someone went to some website or something and now I have a program running on my system that I can't delete or stop from running.... I noticed it when restarted and went to task manager to stop a few programs that I don't want running and there they were... two files running iexporer.exe which never were there before...I tried to end process them and nothing.. they wont stop.. I dug deeper and found where the actuall program is on my computer... documents and settings, all users, application data, dup wma log browse, and there it is...CORNBONE! I tried to delete it and it will not... says it is in use by another person or program..I then tried going to msconfig and unchecking it( it did show up on start up files as well), and restarting but it still runs.. when I open my internet explorer a search bar with links on it pops up on the bottom of screen everytime.. I found the file and entered it in my address bar and it goes to a webpage with nothing but the same search bar at the top of a grey screen....I ran reg supreme and it isnt even listed in there... I don't know what to do... can someone help me out?
    tnx franky:shock
     
    Last edited: Oct 29, 2004
    frankrizzo, Oct 29, 2004
    #1
    James likes this.
    1. Advertisements

  2. frankrizzo

    RD2DG I smell a bump! VIP Member

    Joined:
    Oct 11, 2003
    Messages:
    549
    Likes Received:
    11
    Location:
    Madison
    Update Virus Definitions and make sure your virus scanner is running.

    In the "handy tools" section (under quick links) look for Adaware and Spybot S&D. Download them, run them, and enjoy :D. Also, run spybot before adaware because sometimes spybot thinks that parts of adaware are bad.

    What could also help is if you download "hijackthis" from the handy tools section and post the log.

    And welcome to BD!!! :clap
     
    RD2DG, Oct 29, 2004
    #2
    1. Advertisements

  3. frankrizzo

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    If RD2DG's post doesn't help you, you can download Killbox With this program you can select it to delete a program as the computer shutdowns and it isn't in use.
     
    D Schrute, Oct 29, 2004
    #3
  4. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    Srry, forgot to say that I ran both spybot and adaware and neither found it... and the link on c5mel's post I couldnt see anything called killbox anywhere..... here is the log from hijackthis...
    thanks.
    frank
    Logfile of HijackThis v1.98.2
    Scan saved at 10:11:42 AM, on 29/10/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
    C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\frank rizzo\My Documents\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.npjavtbfdwspoylwwszdtwl....usqkAyhRUATxbhIlA0gUyT5lwYWSHBQOVeFRncdv.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {75D4EC53-802C-E868-3983-2D6557E41098} - C:\DOCUME~1\FRANKR~1\APPLIC~1\MPEGSL~1\four locks.exe
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.exe
    O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-ca/4,0,0,83/mcinsctl.cab
    O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-ca/1,0,0,20/mcgdmgr.cab
     
    frankrizzo, Oct 29, 2004
    #4
  5. frankrizzo

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    I pm'ed you a link to a download location... the only place i could find a link is on another forum so i won't advertise for that forum here.
     
    D Schrute, Oct 29, 2004
    #5
  6. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    YES!!!!! its gone! thanks so much you guys, really appreciate it..
    Frank (aka not frank).... lol
     
    frankrizzo, Oct 29, 2004
    #6
  7. frankrizzo

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    Glad we could help!
     
    D Schrute, Oct 29, 2004
    #7
  8. frankrizzo

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    Glad to hear that you got rid of it. You can always go into DOS and delete it there too. Maybe for next time.
     
    ruslanb76, Oct 29, 2004
    #8
  9. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    ok 8( same thing is now back but called dup log....where is this coming from?
    how do I delete in dos? but finding the cause would be better since it keeps coming back...:shock
     
    Last edited: Oct 30, 2004
    frankrizzo, Oct 30, 2004
    #9
  10. frankrizzo

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    What do you have installed, free applications? Can you list them?
     
    James, Oct 31, 2004
    #10
  11. frankrizzo

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    Do you have up to date virus definitions? There is a virus called "Download.Trojan" and it downloads more trojans while you are infected... so you need to delete the source file if your Anti-Virus program can locate it.
     
    D Schrute, Oct 31, 2004
    #11
  12. frankrizzo

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    Is it still the ieexpore exe you originally had trouble in? Boot into dos mode(f8 at startup and choose dos). Then type. This will work for a single file. Check its properties for its dos name.

    DEL (ERASE) [d:][path]filename [/P]

    Deletes (erases) files from disk

    Try HS Cleandisk Pro it is a trial download available at this link. Good stuff and it cleans at all your index dats in dos at startup or shutdown depending on how you configure it. Try this out if you arent sure about the dos. Let us know what happens.

    http://www.utilitygeek.com/showfiles.php?view=normal&catid=18
     
    ruslanb76, Oct 31, 2004
    #12
  13. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    my free programs are: adaware SE, spybot search and destroy, winamp , win rar, resupreme, I have mcafee virus scan installed and it updates like everyday..and it is still called the same iexplore.exe as if i have a web page open, but it is actually dupedog, the only programs that I just installed are the adaware, spybot and regsupreme, I installed them to try to get rid of this problem.... I didnt install anything new when it happened..BUT my wife started goin on this program called myspace, one of her friends said " oh you have to go and try this its so cool" .. nono we cant just chat on msn like normal people frickin idiots... so that might be it I dont know..... oh and I went to run killbox again and its gone?... would adaware or spybot have deleted it thinking its spyware or somthing? tnx
    :D
     
    Last edited: Nov 1, 2004
    frankrizzo, Nov 1, 2004
    #13
  14. frankrizzo

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    Possible. If it shows up again try and delete it in dos. Keep us posted.
     
    ruslanb76, Nov 1, 2004
    #14
  15. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    ok I deleted it again with killbox.. now it is back and it is called boob rule. where is this coming from?
     
    frankrizzo, Nov 2, 2004
    #15
  16. frankrizzo

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Can you run AdAware in safe mode, then reboot and run HijackThis, and post the log here again?
     
    Fenis-Wolf, Nov 2, 2004
    #16
  17. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    ok i did all that here is the log..
    Logfile of HijackThis v1.98.2
    Scan saved at 10:48:56 AM, on 02/11/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
    C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\frank rizzo\My Documents\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cwncjvtiuzeajmdvw.com/Zt...3OzgLtb35l8lKBBndPQhhgbJ/Wwd/E1bx702qy4s.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {75D4EC53-802C-E868-3983-2D6557E41098} - C:\DOCUME~1\FRANKR~1\APPLIC~1\MPEGSL~1\four locks.exe
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [logbrowseblahwin] C:\Documents and Settings\All Users\Application Data\Dupe Wma Log Browse\BurnTrust.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-ca/4,0,0,83/mcinsctl.cab
    O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-ca/1,0,0,20/mcgdmgr.cab
     
    frankrizzo, Nov 2, 2004
    #17
  18. frankrizzo

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Check these and reboot:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cwncjvtiuzeajmdvw.com/Zt...1bx702qy4s.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    2 - BHO: (no name) - {75D4EC53-802C-E868-3983-2D6557E41098} - C:\DOCUME~1\FRANKR~1\APPLIC~1\MPEGSL~1\four locks.exe
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [logbrowseblahwin] C:\Documents and Settings\All Users\Application Data\Dupe Wma Log Browse\BurnTrust.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.ex e
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared...83/mcinsctl.cab
    O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared...,20/mcgdmgr.cab
    then reboot, and try to remove the files you want.
     
    Fenis-Wolf, Nov 2, 2004
    #18
  19. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    ok so am I checking these on hijack this then hitting fix selected?... or just check them and hit nothing and reboot comp? and then you said reboot again and remove the files you want..?? isnt having these checked going to remove them? I dont quite understand your directions. o.0
     
    frankrizzo, Nov 3, 2004
    #19
  20. frankrizzo

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Check the ones I've marked above. Then click 'Fix Selected'. Reboot. Run AdAware again.
    You're done. Its simple.
     
    Fenis-Wolf, Nov 3, 2004
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.