Infected Files . .

I just ran a scan with The Cleaner for my friends computer as well as AVG Anti-Virus and I don't remember exactly what The Cleaner picked up but AVG detected 38 infected files alot of which were Optix Pro I tryed cleaning and deleting the files with The Cleaner as well as Quarentineing them. and then putting them in the " Vault " with AVG all it said was it could not be removed on The Cleaner and AVG.

I have a log from when AVG scanned the Hard drive so here it is!

Results of Complete Test, date and time 14/02/2004 17:39:35 :
Testing C:\ volume HP_PAVILION serial 3558-12FF
C:\WINDOWS\BELT.EXE repaired
C:\WINDOWS\TEMP\BELT.EXE repaired
C:\WINDOWS\Application Data\SJVOBWSK.EXE repaired
C:\_RESTORE\TEMP\A0000220.0 BackDoor.Optix.AP
C:\_RESTORE\TEMP\A0000159.0 BackDoor.Optix.Z
C:\_RESTORE\TEMP\A0000269.0 BackDoor.Optix.AP
C:\_RESTORE\TEMP\A0000290.0 BackDoor.Optix.AV
C:\_RESTORE\TEMP\A0000323.0 BackDoor.Optix.Z
C:\_RESTORE\TEMP\A0000347.0 BackDoor.Optix.AP
C:\_RESTORE\TEMP\A0000370.0 BackDoor.Optix.AV
C:\_RESTORE\TEMP\A0000372.0 BackDoor.Optix.Z
C:\_RESTORE\TEMP\A0000397.0 BackDoor.Optix.AP
C:\_RESTORE\TEMP\A0000421.0 BackDoor.Optix.AV
C:\_RESTORE\TEMP\A0011440.CPY BackDoor.Beastdoor.H
C:\_RESTORE\TEMP\A0022270.1 BackDoor.Optix
C:\_RESTORE\TEMP\A0022282.0 BackDoor.Optix
C:\_RESTORE\TEMP\A0023207.0 BackDoor.Optix.Z
C:\_RESTORE\TEMP\A0023209.0 BackDoor.Optix.Z
C:\_RESTORE\TEMP\A0023213.0 BackDoor.Optix.Z
C:\_RESTORE\TEMP\A0023215.0 BackDoor.Optix.Z
C:\_RESTORE\TEMP\A0064763.CPY MusicSearch
C:\_RESTORE\TEMP\A0066228.CPY BackDoor.Beastdoor.H
C:\_RESTORE\TEMP\A0066230.CPY BackDoor.Beastdoor.H
C:\_RESTORE\TEMP\A0066232.CPY BackDoor.Beastdoor.H
C:\_RESTORE\TEMP\A0066234.CPY BackDoor.Beastdoor.H
C:\_RESTORE\TEMP\A0066235.CPY BackDoor.Beastdoor.H
C:\_RESTORE\TEMP\A0066243.CPY BackDoor.Beastdoor.Q
C:\_RESTORE\TEMP\A0069293.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069315.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069333.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069351.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069371.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069389.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069407.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069427.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069447.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069477.CPY BackDoor.Beastdoor.FA
C:\_RESTORE\TEMP\A0069478.CPY BackDoor.Beastdoor.FG
Test finished, duration 00:55:13.4 s
35429 objects tested, 38 found infected

I also have a log from when I tryed to remove them with the cleaner.

[14/02/2004 5:18:50 PM] *** Begin Session ***
[14/02/2004 5:18:50 PM] System Is Windows ME (4.90 (3000. ))
[14/02/2004 5:18:50 PM] The Cleaner Professional 4.0 BUILD 4218
[14/02/2004 5:18:50 PM] Local Path: C:\PROGRAM FILES\THE CLEANER\
[14/02/2004 5:18:50 PM] System Directory: C:\WINDOWS\SYSTEM\
[14/02/2004 5:18:50 PM] Windows Directory: C:\WINDOWS\
[14/02/2004 5:18:56 PM] Load Database
[14/02/2004 5:18:56 PM] Loading database...
[14/02/2004 5:19:04 PM] Ready.
[14/02/2004 5:19:04 PM] Examining drives
[14/02/2004 5:19:04 PM] a:\
[14/02/2004 5:19:04 PM] c:\ HP_PAVILION
[14/02/2004 5:19:04 PM] m:\
[14/02/2004 5:19:04 PM] n:\
[14/02/2004 5:19:06 PM] Free space on drive C:\ = 41156673536.00 (38.33GB)
[14/02/2004 5:19:15 PM] Scanning...
[14/02/2004 5:19:15 PM] Beginning Scan
[14/02/2004 5:19:16 PM] Scanning active memory...
[14/02/2004 5:19:16 PM] Active memory scan complete.
[14/02/2004 5:19:16 PM] Estimate byte count is 20295450624
[14/02/2004 5:19:16 PM] Scanning Drive c
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$12766: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$19873: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$15564: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$11254: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$17189: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$15261: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$19476: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$16697: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$14561: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$11876: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$16394: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$15222: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$10912: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$15430: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$14258: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$18775: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$14466: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$13502: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$14919: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$10004: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$14124: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$15957: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$19303: Access is denied.
[14/02/2004 5:32:57 PM] Failed to remove C:\WINDOWS\TEMP\tc$18205: Access is denied.

 

Can you delete the folder manually? Did it say which files it infected?

Nasty virus your friend has there. Look at Nortons site for removal help.

 

I see

I tryed to delete them manually but it said the file is currently in use. And as for Norton He only has a copy of Norton 2003 which is not currently installed on the computer. * I just tryed that websites removal instructions but once I get to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Policies ( RIGHT HERE THERE IS NO EXPLORER )\Explorer\Run

 

That's because he has Windows ME. I don't have a 9x machine up right now, but the registry is laid out a little differently. They key is located someone else I believe.

 

Well if your talking about this one I'm on my family computer? which also has Windows ME hes running Windows 98 SE.

 

Windows 98 and windows ME run almost the same, especially the registry...

I'm searching right now for you.