• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
rofi1234

cannot remove sexcams_ch

5 posts in this topic

my mcafee security center detected this dialer. mcafee could not remove it. it states always: the file cannot be removed.

i read the faqs, run spybot and hijack this.

 

how do i get rid of this dialer?

Share this post


Link to post
Share on other sites

Part of the FAQ that you read says to post your HijackThis log ...

 

Can you please download HijackThis from this link, install it into C:\HJT. Run it, click on scan, save log and please post your entire log here for analysis.

 

Thank you.

Share this post


Link to post
Share on other sites

sorry didn't read properly

i still try to delete the file, but no chance. i can prevent it to acces the internet with "zonealarm".

 

here is my log file

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:14:26, on 10.06.2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Atievxx.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\GEMEIN~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Programme\Microsoft Office\Office\OUTLOOK.EXE

C:\Programme\Internet Explorer\iexplore.exe

C:\Programme\Internet Explorer\iexplore.exe

C:\Programme\Internet Explorer\iexplore.exe

c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Programme\Microsoft Office\Office\WINWORD.EXE

C:\Dokumente und Einstellungen\Support\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis1977.zip\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\GEMEIN~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [windows auto update] msblast.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

O4 - Startup: Verknüpfung mit OUTLOOK.lnk = C:\Programme\Microsoft Office\Office\OUTLOOK.EXE

O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7864.2214236111

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

the file is under the following tree:

c:program files/scom/dialers/sexcams_ch/sexcams_ch.exe

 

sometimes it does create (i don't know on what occasion) a new file to:

c:windows/prefetch

 

tks for solving me the problem

roger

Share this post


Link to post
Share on other sites

PGPhantom, I wasn't trying to jump into your post but that one caught my eye.

--

rofi1234,

msblast.exe = W32/Lovsan.worm.a :alarm:

McAfee detects the dialer but not the above? hmm ... :whistle:

 

First thing to do is ...

 

Reconfigure Windows Explorer to show Hidden Files:

Open the Windows Explorer Folder Options - View [tab]:

 

Scroll down to the "Files and Folders" section.

Select: "Display the contents of system folders".

 

Scroll down to the "Hidden Files and Folders" section.

Select: "Show hidden files and folders", Ok the prompt

Uncheck: "Hide file extensions for known file types"

Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

 

Click the "Apply to all Folders" button. Close Windows Explorer.

 

Next:

 

Close all open windows, except for HijackThis place a check in each of the following:

Then click "Fix checked".

 

O4 - HKLM\..\Run: [windows auto update] msblast.exe

 

Then reboot, on restart, restart in Safe Mode (see "How To" below)

 

Open Windows Explorer locate and delete the following:

 

c:program files/scom/dialers <--this folder

Note: I'm not sure what "scom" (folder) is?

msblast.exe <--this file -locate via Start | Search (if exists?)

 

Restart normally and then ...

 

"Flush System Restore" (see "How To" below)

 

Basically turn off System Restore, reboot, run a full (updated) McAfee scan, reboot and turn System Restore back on and create a new Restore Point.

 

Disabling System Restore (McAfee article)

 

How To: Scan for unwanted programs

 

After the above post a fresh log ...

Edited by WinHelp2002

Share this post


Link to post
Share on other sites

Thank you winhelp2002 - This one will be interesting but at least you have delat with probably the worst one for me :)

 

rofi1234 - Please follow the "Excellent" advice from winhelp2002, and then post a fresh HijackThis log here for further review.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0