• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
ged23

Padobot.Q -- ftpupd.exe

3 posts in this topic

I have just gor rid of one padobot and now I have another, what's going on?

 

Can some one check out this log file and let me know what are my best options with this Virus...

 

It just gave me some messages to use AVG to remove it...

 

They are located in :

C:\WINDOWS\system32\config\system profile\local settings\Temporary Internet Files\Content.IE5\S19JD6H5\x[1].exe

C:\WINDOWS\system32\ftpupd.exe

 

Your time is greatly appreciated. :)

 

LOG FILE:

Logfile of HijackThis v1.98.0

Scan saved at 2:52:24 PM, on 24/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\D-Tools\daemon.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Gerard\My Documents\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: ninemsn Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-au\msntb.dll

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://www.messagebay.co.kr/demo/little/mbayactx.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7D22E0-3909-4AC8-89BC-A3C58426C9D2}: NameServer = 168.126.63.1 168.126.63.2

Share this post


Link to post
Share on other sites

Ged,

 

DISABLE system restore and then reboot into SAFEMODE

 

and look for:

 

C:\WINDOWS\system32\ftpupd.exe and DELETE

 

Then look for :

 

C:\WINDOWS\system32\config\system profile\local settings\Temporary Internet Files\Content.IE5\S19JD6H5\x[1].exe and delete.

 

 

 

Then use the Disk Cleanup Utility to empty all your Temp folders.

 

After you are done - ENABLE system restore again !

Share this post


Link to post
Share on other sites

Hi got rid of one of the files but the only file that closely represents ftpupd.exe is ftp.exe is that the one I have to delete.....

 

From Ged

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0