| Press F1 | ||||
| Thread ID: 85813 | 2007-12-23 01:37:00 | My PC is infected by printer.exe and possibly ultimate defender | ineedhelp2008 (13207) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 623747 | 2007-12-23 19:18:00 | Thanks speedy, that website helped a lot. I disabled my system restore and the files I deleted stopped coming back. And I deleted spoolvs.exe, wowfx.dll, shell.exe, printer.exe and I have access to "control panel" and the "properties" of "My computer", but geedd.dll and geedd.exe are still there. When I try to delete them in safe mode, it says geedd.dll is being used by another program (which I cannot find out what it is) and geedd.exe keeps coming back right after I delete it. And I found files like printer.exe.vir and spoolvs.exe.vir; the web says .vir means virus-infected file. Do I have to delete them too? Or are they just files of the antivirus? Thank you all, I mean everyone |
ineedhelp2008 (13207) | ||
| 623748 | 2007-12-23 19:19:00 | I really appreciate the help from all of you. Thank you all |
ineedhelp2008 (13207) | ||
| 623749 | 2007-12-23 19:31:00 | Good to hear! If system restore is still disabled, find and delete printer.exe, spoolvs.exe, wowfx.dll. If rogueremover is still installed, run it again; update it first (there was an update last night), then scan. It looks like geedd.dll belongs to vundo, which is adware. Get this (securityresponse.symantec.com), which is from here (www.symantec.com). This removal tool MUST be run in safe mode. Also: If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only. Make sure system restore is still disabled. And get this as well (securityresponse.symantec.com). Follow the info from here (www.symantec.com) |
Speedy Gonzales (78) | ||
| 623750 | 2007-12-23 19:32:00 | Oh.. Just found out another strange thing: hijackthis finds C:\windows\system32\wowfx.dll, but when I go to the directory in safe mode, I cannot find it. (I looked for hidden files as well) |
ineedhelp2008 (13207) | ||
| 623751 | 2007-12-23 19:38:00 | If you run hijackthis again and select the delete file on reboot option and then add, does wowfx.dll appear when you go to c:\windows\system32?? If it does, add it, then say yes to reboot. |
Speedy Gonzales (78) | ||
| 623752 | 2007-12-23 19:52:00 | And while you're at it, since system restore is still disabled, boot into safe mode. Log in (can you log in?). Open my computer / go to tools / folder options / view. Untick the hide protected operating system files. Right mouse on the system volume information folder / properties / security tab. (If the security tab isn't there, untick use simple file sharing (under tools / folder options / view, down the bottom).) Then click on add (this is under the security tab), type in the name that appears when you click on the start menu (up the top). Click on check names; if it's right it'll add the name. Then OK. Tick everything under allow. Then OK. Open the system volume information folder, and delete everything in it. If you've got more than 1 partition, or more than 1 hard drive, do the above for them as well. Then reboot. And once you get rid of that wowfx.dll, geedd.dll and geedd.exe file, reverse what you did in the registry. Or if right mouse on my computer / going to the system restore tab in normal windows works, go that way. |
Speedy Gonzales (78) | ||
| 623753 | 2007-12-23 20:15:00 | I cannot use the delete file on reboot in hijackthis. When I click the button, it closes hijackthis automatically. I have cleared all the files in system volume information. wowfx.dll comes back when I delete it, and it says geedd.dll and geedd.exe are used by another program. I used the norton removing tools suggested by speedy in safe mode. It says I am not infected. rogueremover says I am clean, but wowfx.dll, geedd.dll, geedd.exe are still there |
ineedhelp2008 (13207) | ||
| 623754 | 2007-12-23 20:18:00 | Get Crossloop (www.crossloop.com) Install it, then send a PM to me, with the code under share, I think it is. I'll see if I can log into u remotely, and have a look. Did u try doing it in safe mode?? |
Speedy Gonzales (78) | ||
| 623755 | 2007-12-23 20:18:00 | I found this software that says it can remove files on reboot, should I try this one? www.softwarepatch.com |
ineedhelp2008 (13207) | ||
| 623756 | 2007-12-23 20:22:00 | You can try it, I've heard of it, but never used it. | Speedy Gonzales (78) | ||