#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    22
    Rep Power
    0

    Attacked by ave.exe malware - argh!


    I am running XP (sp2). I was attacked by the ave.exe malware
    virus. After some reading and troubleshooting I was able to
    remove the ave.exe that was affecting my system by using
    the Malware software tool.

    So, now the ave.exe is gone but my system has been plagued
    with the following NEW symptoms that are plaugeing my pc.

    • There is now an svchost running at 100% cpu time that is tied to the DCOM launcher process

    • Both the Windows Media player and Winamp will no longer run any web based audio file

    • IE7 had to have the network services reset, or it would not start. Although I am a Firefox user and it continued to run as before


    I have run the Spybot 1.6.2. The RegCure software, and
    XoftSpySE tool. They all have removed numerious issues, NONE of which changed the above symptoms.

    I was running the BitDefender 2010 Internet Security with
    the firewall enabled, which not NOT prevent the original
    ave.exe attack from occurring.

    I am stuck with trying to figure what to do to remove the
    plagues I've been left with. Help would be appreciated.

    eact7402
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    22
    Rep Power
    0

    And another symtom found


    And another new symptom of my virus is that appears to
    be re-directing url's from Firefox to other web sites when
    item are chosen from a Google search list. Arrrrrggg!
  4. #3
  5. They're coming to take me away

    Join Date
    Jan 2005
    Location
    Florida
    Posts
    5,105
    Rep Power
    5049
    I know you've already run malwarebytes, but go ahead and run through ALL the steps listedhere. Post back the logs.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    22
    Rep Power
    0
    Part 1
    -------
    I am still being set upon by the ave.exe virus…
    Here are my experiences and log files.

    At my first attempt to run MalwareBytes anti-
    virus were not entirely successful. And by the
    time I reinstalled it and got it running I had
    re-aquired the ave.exe virus again, so I then ran
    the software and it produced the following log..
    --------------------------------------------------
    Malwarebytes' Anti-Malware 1.45
    Dsatabase version: 3970
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    4/8/2010 5:53:05 PM
    mbam-log-2010-04-08 (17-53-05).txt

    Scan type: Quick scan
    Objects scanned: 165716
    Time elapsed: 2 hour(s), 4 minute(s), 50
    second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 42
    Registry Values Infected: 1
    Registry Data Items Infected: 7
    Folders Infected: 4
    Files Infected: 29

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{6f282b65-
    56bf-4bd1-a8b2-a4449a05863d}
    (Adware.Gamesbar) -> Quarantined and deleted
    successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-
    c5b5-49a5-a69d-cc0a30f9028c}
    (Adware.Minibug) -> Quarantined and deleted
    successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-
    031f-4397-9614-87c932a848e0}
    (Adware.Minibug) -> Quarantined and deleted
    successfully.
    HKEY_CURRENT_USER\SOFTWARE\Micros
    oft\Windows\CurrentVersion\Ext\Stats\{1a93c93
    4-025b-4c3a-b38e-9654a7003239}
    (Adware.Gamesbar) -> Quarantined and deleted
    successfully.
    HKEY_CURRENT_USER\SOFTWARE\Micros
    oft\Windows\CurrentVersion\Ext\Stats\{6f282b6
    5-56bf-4bd1-a8b2-a4449a05863d}
    (Adware.Gamesbar) -> Quarantined and deleted
    successfully.
    HKEY_CURRENT_USER\SOFTWARE\Micros
    oft\Windows\CurrentVersion\Ext\Stats\{b64f4a7
    c-97c9-11da-8bde-f66bad1e3f3a}
    (Rogue.WinAntiVirus) -> Quarantined and
    deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Micros
    oft\Windows\CurrentVersion\Ext\Stats\{f919fbd
    3-a96b-4679-af26-f551439bb5fd}
    (Trojan.FakeAlert) -> Quarantined and deleted
    successfully.
    HKEY_CURRENT_USER\SOFTWARE\Micros
    oft\Windows\CurrentVersion\Ext\Stats\{827dc83
    6-dd9f-4a68-a602-5812eb50a834}
    (Trojan.Vundo) -> Quarantined and deleted
    successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Internet Explorer\Extensions\{1a93c934-
    025b-4c3a-b38e-9654a7003239}
    (Adware.Gamesbar) -> Quarantined and deleted
    successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Windows\CurrentVersion\Explorer\Browse
    r Helper Objects\{6f282b65-56bf-4bd1-a8b2-
    a4449a05863d} (Adware.Gamesbar) ->
    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsof
    t (Trojan.Fraudpack) -> Quarantined and deleted
    successfully.
    HKEY_CLASSES_ROOT\acm.acmfactory
    (Adware.WhenU) -> Quarantined and deleted
    successfully.
    HKEY_CLASSES_ROOT\acm.acmfactory.1
    (Adware.WhenU) -> Quarantined and deleted
    successfully.
    HKEY_CLASSES_ROOT\clientax.clientinstaller
    (Adware.180Solutions) -> Quarantined and
    deleted successfully.
    HKEY_CLASSES_ROOT\clientax.clientinstaller
    .1 (Adware.180Solutions) -> Quarantined and
    deleted successfully.
    HKEY_CLASSES_ROOT\clientax.requiredcom
    ponent (Adware.180Solutions) -> Quarantined
    and deleted successfully.
    HKEY_CLASSES_ROOT\clientax.requiredcom
    ponent.1 (Adware.180Solutions) -> Quarantined
    and deleted successfully.
    HKEY_CLASSES_ROOT\D (Trojan.Agent) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.histo
    rykillerscheduler (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.histo
    rykillerscheduler.1 (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.histo
    ryswattercontrolbar (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.histo
    ryswattercontrolbar.1 (Adware.MyWebSearch) -
    > Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecoo
    kiesmanager (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecoo
    kiesmanager.1 (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killer
    objmanager (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killer
    objmanager.1 (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mediagatewayx.instal
    ler (Adware.180Solutions) -> Quarantined and
    deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.m
    inibugtransporterx (Adware.Minibug) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.m
    inibugtransporterx.1 (Adware.Minibug) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcapl
    oaderctrl2 (Adware.PopCap) -> Quarantined and
    deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcapl
    oaderctrl2.1 (Adware.PopCap) -> Quarantined
    and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.scr
    eensaverinstaller (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.scr
    eensaverinstaller.1 (Adware.MyWebSearch) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WUSN.1
    (Adware.WhenU) -> Quarantined and deleted
    successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Multimedia\WMPlayer\Schemes\f3pss
    (Adware.MyWebSearch) -> Quarantined and
    deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Windows NT\CurrentVersion\Image File
    Execution Options\ctfmon.exe (Security.Hijack) -
    > Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft
    (Trojan.Fraudpack) -> Quarantined and deleted
    successfully.
    HKEY_CLASSES_ROOT\tldctl2.urllink
    (Adware.NewDotNet) -> Quarantined and
    deleted successfully.
    HKEY_CLASSES_ROOT\tldctl2.urllink.1
    (Adware.NewDotNet) -> Quarantined and
    deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Windows\CurrentVersion\Explorer\Browse
    r Helper Objects\{4ae0d484-0caf-3ccd-941b-
    005b0cda5ccf} (Trojan.BHO) -> Quarantined
    and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4ae0d484-
    0caf-3ccd-941b-005b0cda5ccf} (Trojan.BHO) ->
    Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Internet Explorer\Toolbar\{6f282b65-56bf-
    4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -
    > Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentC
    ontrolSet\Control\LSA\Notification Packages
    (Trojan.Vundo.H) -> Data: modpgnma.dll ->
    Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clien
    ts\StartMenuInternet\FIREFOX.EXE\shell\open\
    command\(default) (Hijack.StartMenuInternet) ->
    Bad: ("C:\Documents and Settings\David\Local
    Settings\Application Data\ave.exe" /START
    "C:\Program Files\Mozilla Firefox\firefox.exe")
    Good: (firefox.exe) -> Quarantined and deleted
    successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clien
    ts\StartMenuInternet\IEXPLORE.EXE\shell\open
    \command\(default) (Hijack.StartMenuInternet) -
    > Bad: ("C:\Documents and Settings\David\Local
    Settings\Application Data\ave.exe" /START
    "C:\Program Files\Internet
    Explorer\iexplore.exe") Good: (iexplore.exe) ->
    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clien
    ts\StartMenuInternet\FIREFOX.EXE\shell\safem
    ode\command\(default)
    (Hijack.StartMenuInternet) -> Bad:
    ("C:\Documents and Settings\David\Local
    Settings\Application Data\ave.exe" /START
    "C:\Program Files\Mozilla Firefox\firefox.exe" -
    safe-mode) Good: (firefox.exe -safe-mode) ->
    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Security Center\AntiVirusDisableNotify
    (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -
    > Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Security Center\FirewallDisableNotify
    (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -
    > Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Security Center\UpdatesDisableNotify
    (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -
    > Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Microsoft Security Adviser
    (Trojan.Downloader) -> Quarantined and deleted
    successfully.
    C:\Documents and Settings\Caroline\Start
    Menu\Programs\WhenU (Adware.WhenU) ->
    Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500 (Backdoor.Bot) ->
    Quarantined and deleted successfully.
    C:\Program Files\VVSN (Adware.WhenU) ->
    Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\modpgnma.dll (Trojan.Vundo.H)
    -> Delete on reboot.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\a_friend.exe
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\svchost.exe
    (Worm.Autorun.B) -> Quarantined and deleted
    successfully.
    C:\WINDOWS\system32\eu93215.dll
    (Trojan.BHO) -> Quarantined and deleted
    successfully.
    C:\WINDOWS\system32\drivers\dktcy.sys
    (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\Temp\~TMA7.tmp
    (Trojan.Hiloti) -> Quarantined and deleted
    successfully.
    C:\Program Files\Microsoft Security
    Adviser\msctrl.log (Trojan.Downloader) ->
    Quarantined and deleted successfully.
    C:\Program Files\Microsoft Security
    Adviser\mssadv.log (Trojan.Downloader) ->
    Quarantined and deleted successfully.
    C:\Documents and Settings\Caroline\Start
    Menu\Programs\WhenU\Learn More About
    Save!.url (Adware.WhenU) -> Quarantined and
    deleted successfully.
    C:\Documents and Settings\Caroline\Start
    Menu\Programs\WhenU\Learn More About
    SaveNow.url (Adware.WhenU) -> Quarantined
    and deleted successfully.
    C:\Documents and Settings\Caroline\Start
    Menu\Programs\WhenU\Learn More About
    WhenU Save.url (Adware.WhenU) ->
    Quarantined and deleted successfully.
    C:\Documents and Settings\Caroline\Start
    Menu\Programs\WhenU\Learn More About
    WhenU SaveNow.url (Adware.WhenU) ->
    Quarantined and deleted successfully.
    C:\Documents and Settings\Caroline\Start
    Menu\Programs\WhenU\WhenU.com
    Website.url (Adware.WhenU) -> Quarantined
    and deleted successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\aliases.ini
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\control.ini
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\Desktop.ini
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\id3nt.txt
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\instsrv.exe
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\mirc.ico
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\mirc.ini
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\nicks.txt
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\popups.txt
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\remote.ini
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\script.ini
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\servers.ini
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\RECYCLER\S-1-5-21-606747145-
    1085031214-725345543-500\users.ini
    (Backdoor.Bot) -> Quarantined and deleted
    successfully.
    C:\WINDOWS\system32\sys.dll (Trojan.Starter)
    -> Quarantined and deleted successfully.
    C:\Documents and Settings\David\Application
    Data\avdrn.dat (Malware.Trace) -> Quarantined
    and deleted successfully.
    C:\Documents and Settings\David\Local
    Settings\Application Data\ave.exe
    (Rogue.MultipleAV) -> Quarantined and deleted
    successfully.
    ----------------------------------------
    End Part 1
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    22
    Rep Power
    0
    Part 2
    ------
    I mistakenly thought the virus had been totally
    discovered and removed. WRONG.

    Reopening my Firefox browser on the net and in
    10 minutes the virus was BACK.

    At that point I somewhat reluctantly decided to
    follow the process suggested by Porthos from the
    MalwareBytes folks, knowing it would be a
    lengthy process… and it was. However I
    followed it carefully step-by-step.

    I first ran CCleaner as directed, followed by ATF
    Cleaner as directed.

    Then I ran the MalwareBytes software again
    which produced the following log…\
    -----------------------------------------------------
    Malwarebytes' Anti-Malware 1.45
    Database version: 3970

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    4/9/2010 9:10:19 AM
    mbam-log-2010-04-09 (09-10-19).txt

    Scan type: Quick scan
    Objects scanned: 155780
    Time elapsed: 23 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -----------------------------------------
    Well those results were encouraging…

    But I continued with the process.

    Next I ran SUPERAntiSpyware which produced
    the following log..
    -----------------------------------------

    SUPERAntiSpyware Scan Log
    Generated 04/09/2010 at 11:31 AM

    Application Version : 4.35.1000

    Core Rules Database Version : 4787
    Trace Rules Database Version: 2599

    Scan type : Complete Scan
    Total Scan Time : 01:43:46

    Memory items scanned : 462
    Memory threats detected : 0
    Registry items scanned : 9980
    Registry threats detected : 5
    File items scanned : 31805
    File threats detected : 550

    Unclassified.Unknown Origin
    HKU\.DEFAULT\Software\Microsoft\Windows\
    CurrentVersion\Ext\Stats\{827DC836-DD9F-
    4A68-A602-5812EB50A834}
    HKU\S-1-5-
    18\Software\Microsoft\Windows\CurrentVersion\
    Ext\Stats\{827DC836-DD9F-4A68-A602-
    5812EB50A834}

    Adware.180solutions/Search Assistant
    HKCR\MediaGateway.Installer
    HKCR\MediaGateway.Installer\CLSID
    HKCR\MediaGateway.Installer\CurVer


    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx_gov [
    C:\Documents and Settings\David\Application
    Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxxx [
    C:\Documents and Settings\David\Application
    Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx[
    C:\Documents and Settings\David\Application
    Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents
    and Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents
    and Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx[ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Firefox\Profiles\g3zg6n8b.default\c
    ookies.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx[ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx[ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx[ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx[ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents
    and Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application Data\Application
    Data\Mozilla\Profiles\default\ywsaoqko.slt\cooki
    es.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx[ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]
    xxx [ C:\Documents and
    Settings\David\Application
    Data\Mozilla\Profiles\default\bqrbazgr.slt\cookie
    s.txt ]

    -------------------------------------------------
    end part 2
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    22
    Rep Power
    0
    I've also got the log from Hijack and i've edited it 5 different times and tried to post it, but it complains there is a URL
    in it.. but for my life I cannot find it. Arghhh!

    =================
    I then went back to the Ccleaner and ran the
    ‘wipe free disk space’ option ALONE ( I had
    purposfully not done it earlier. 8 hours later’
    that completed.

    I was feeling good about a fairly complete
    job having been done.

    So… Windows Task Manager (which I run at
    ALL times looked good. No ave.exe and no
    svchost hogging the system at 100% cpu time.

    So.. back to the net.

    In 10 minutes AVE.EXE was BACK.;
    ARGGGGH!

    So Malwarebytes was again and produced this..
    +==============================
    Malwarebytes' Anti-Malware 1.45

    Database version: 3973

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    4/10/2010 11:34:39 AM
    mbam-log-2010-04-10 (11-34-39).txt

    Scan type: Quick scan
    Objects scanned: 156227
    Time elapsed: 11 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clien
    ts\StartMenuInternet\FIREFOX.EXE\shell\open\
    command\(default) (Hijack.StartMenuInternet) ->
    Bad: ("C:\Documents and Settings\David\Local
    Settings\Application Data\ave.exe" /START
    "firefox.exe") Good: (firefox.exe) -> Quarantined
    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clien
    ts\StartMenuInternet\IEXPLORE.EXE\shell\open
    \command\(default) (Hijack.StartMenuInternet) -
    > Bad: ("C:\Documents and Settings\David\Local
    Settings\Application Data\ave.exe" /START
    "iexplore.exe") Good: (iexplore.exe) ->
    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clien
    ts\StartMenuInternet\FIREFOX.EXE\shell\safem
    ode\command\(default)
    (Hijack.StartMenuInternet) -> Bad:
    ("C:\Documents and Settings\David\Local
    Settings\Application Data\ave.exe" /START
    "firefox.exe -safe-mode") Good: (firefox.exe -
    safe-mode) -> Quarantined and deleted
    successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Security Center\AntiVirusDisableNotify
    (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -
    > Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Security Center\FirewallDisableNotify
    (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -
    > Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Micr
    osoft\Security Center\UpdatesDisableNotify
    (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -
    > Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\David\Local
    Settings\Application Data\ave.exe
    (Rogue.MultipleAV) -> Quarantined and deleted
    successfully.
    ---------------------------------------------------

    It appears to me that the above log shows all that
    was discovered about JUST the ave.exe virus

    It is my observation that the infection SEEMS
    to be taking place when an item is chosen from
    a Google Search list, at which point my system
    appears to be redirected to a DIFFERENT
    website and by the time you notice that fact it is
    too late… BOOM you have the aquired the virus
    again.

    So is it FIXED? No. Do I want it fixed? Yes
    I will do most anything to assist. Just suggest

    eatc7402

    END of logs
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    22
    Rep Power
    0
    I have been doing more troubleshooting.

    YES it is true that something (I am assuming the ave.exe
    virus) has set any searches generated by a Google search
    to be REDIRECTED to a site that is DIFFERENT from the same
    search name displayed as TEXT for the identical searched item.


    • i chose the typical url from a generated url choice from a generated Google search list. I was directed NOT to that site but was re-directed to a different site that wanted to set some cookies. Having turned ON cookie security I denied
      setting of these cookies and the ave.exe virus was NOT re-installed


    • I copied the TEXT indication for the same link, copied and pasted it into Notepad, then recopied it from Notepad, and then pasted that result into the address bar a a new browser (Firefox) window,l and I was taken to the CORRECT site, and no cookies were asked for.


    MalwareBytes does discover the ave.exe virus, and does
    remove the ave.exe file and also six associated registry
    entries, but apparently there is an anther portion of the ave.exe virus that is more insistant on seeing to it that it
    will do all it can to see to it that once you got it, it will try
    to make sure that that you will contrinue to GET IT!!

    I'm not passing any blame, I'm just looking for the next
    step on how to get rid of the re-directing portiion of
    this VERY ANNOYING virus.

    eatc7402
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2010
    Posts
    2
    Rep Power
    0

    Talking


    (eatc7402) Novice here nevertheless I have managed to learn a lot about your particular infection/hacking problem called (AVE.EXE). The information I have is very long and very complicated so I'll just highlight the basics - "sorry" I wish I could help you out more, anyway... AVE.EXE malware was installed into this computer by a hacker that installed a program with the unique name of (My Application) in the start menu - which may differr from computer to computer. You can only do the repairs in (SafeMode) attempting otherwise (will-not-be-successful). The hacker uses (Prefretch) to install MS DOS command files or visa-versa. Apparently the hacker uses an (automated process) that persistentantly sends a cookie called (content.yieldmanager.com/ak/) along with close similars that contains strings of spyware. The suspect spyware is called (Fun Web products), END.
    The physical location of the attacks seem to originate from three one of the following suspect countries: Germany, Thailand, Canada. After you supposedly remove the infection/virus/hacker's applications, dangerous files etc.) further attempts are made to your PC via (email spam) and whoever you network with where the malware/hacker has cleverly installed/hidden a ROOT command/network backdoor so the hacker can access back into your PC - (after you have been left with the impression of the problem being fully resolved which is, el-WRONG! (Hijackthis) fix software - is absolutely useless against (AVE.EXE). You must check all of your files (all of them!) - delete the offending files provided you can even identify the offending files and folders - the hacker behind (EVE.EXE) is a Guru class wizard so be ready for some serious shxxt. This is about all I have to say for now eatc740z - you're probably a lot more experienced in this sort of nasty stuff than I am so. Wait one last second, I do have more info but you need to request it - I don't want to waste my time on etc, etc unless you're truly interested - good luck
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2010
    Posts
    2
    Rep Power
    0

    Devil Doll


    Hello (Devil Doll) here again. Be sure to check that you have (Administrator) control of your PC. The so called (AVE.EXE) virus/hacker attack has some way to take over as the Administrator - afther that happens you are basically finished. Like I said before, you have got to do whatever you do in (SafeMode) only - any attempts otherwise WILL FAIL!Have you received a cookie called (ar.atwola.com/adlyties) or (content.yieldmanager.com/ak/)that appear to introduce spyware threads? Well - this is how the offending process begins all over again inside my PC - it's taking place as I type you this message - it's a serious stinking problem that repates itself after you fix everything. I believe that you will discover that ALL of your security software has been de-activated. Furthermore (Javascript) will have been compromised(navigator.userAgent). (user agent strings) etc. AND the hacker/your so called virus has remote user acccess to your computer in real time. I have a considerable amount of locator detail as to who's doing the hacking - if you want the info simply ask and I'll convery hwat I can - just rember that I'm a newbi so you'll need to be very patient - but I will do what I can to help you. Try going to Norton, they have coped with the (AVE.EXE) virus successfully, maybe that will help.
    Originally Posted by eatc7402
    I am running XP (sp2). I was attacked by the ave.exe malware
    virus. After some reading and troubleshooting I was able to
    remove the ave.exe that was affecting my system by using
    the Malware software tool.

    So, now the ave.exe is gone but my system has been plagued
    with the following NEW symptoms that are plaugeing my pc.

    • There is now an svchost running at 100% cpu time that is tied to the DCOM launcher process

    • Both the Windows Media player and Winamp will no longer run any web based audio file

    • IE7 had to have the network services reset, or it would not start. Although I am a Firefox user and it continued to run as before


    I have run the Spybot 1.6.2. The RegCure software, and
    XoftSpySE tool. They all have removed numerious issues, NONE of which changed the above symptoms.

    I was running the BitDefender 2010 Internet Security with
    the firewall enabled, which not NOT prevent the original
    ave.exe attack from occurring.

    I am stuck with trying to figure what to do to remove the
    plagues I've been left with. Help would be appreciated.

    eact7402

IMN logo majestic logo threadwatch logo seochat tools logo