We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
We're aware that some users are currently experiencing errors on the Forum. Our tech team is working to resolve the issue. Thanks for your patience.

Help needed to remove Trojan horse patched_c.LYU

12346»

Comments

  • Figment
    Figment Posts: 2,643 Forumite
    Part of the Furniture Combo Breaker
    The list showed the last 30 items to be installed, so it's probably something you've already uninstalled.

    I'm not 100% certain about the contents of these folders:
    c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP\
    C:\sh4ldr\

    and getting conflicting results in Google. Probably better if you can hang on until waddler returns.
    How do I add a signature?
  • -TangleFoot-
    -TangleFoot- Posts: 4,673 Forumite
    Part of the Furniture Combo Breaker
    Figment wrote: »
    C:\sh4ldr\

    Something to do with SpyHunter 4?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Mbam running clean + AVG no longer detecting services.exe as being infected is a good sign. It seems as though combofix has had a right old battle with this one! The DDS log looks good.
    2012-06-28 22:48:13
    d
    w- C:\sh4ldr
    2012-06-28 22:48:13
    d
    w- c:\program files\Enigma Software Group
    2012-06-28 22:46:58
    d
    w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
    2012-06-28 22:46:55
    d
    w- c:\program files\common files\Wise Installation Wizard
    2012-06-28 22:36:26
    d
    w- c:\users\samsung\appdata\roaming\SpeedyPC Software
    2012-06-28 22:36:26
    d
    w- c:\users\samsung\appdata\roaming\DriverCure
    2012-06-28 22:36:08
    d
    w- c:\programdata\SpeedyPC Software
    Yes, Enigma software's Spyhunter & other affiliate junk.

    Any problems?
  • kellyp
    kellyp Posts: 182 Forumite
    Part of the Furniture 100 Posts Name Dropper
    No Problems so far! Can I just delete the "junk" files?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    edited 1 July 2012 at 7:02PM
    Yes. If they're installed, uninstall Spyhunter, DriverCure & SpeedyPC(pro?) via programs & features.

    Then delete these folders if they're still there.

    C:\sh4ldr
    c:\programdata\SpeedyPC Software
    c:\program files\Enigma Software Group
    c:\program files\common files\Wise Installation Wizard
    c:\users\samsung\appdata\roaming\DriverCure
    c:\users\samsung\appdata\roaming\SpeedyPC Software
    c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
    appdata\roaming
    ... Is a hidden folder.
    Open a run command and copy/paste %appdata% in. The folders DriverCure & SpeedyPC Software should be in there.
  • kellyp
    kellyp Posts: 182 Forumite
    Part of the Furniture 100 Posts Name Dropper
    All done. Thank you to everyone for saving my netbook!
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Is combofix still on your desktop?

    Run this file: http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

    Then create a new restore point & clear the previous ones.

    Click on Start > All Programs > Accessories > System Tools.
    1. Click on Start > Control Panel.
    2. Double click on System.
    3. On the left, click on the System Protection link.
    4. At the bottom right hand corner, click on the Create... button.
    5. Give the System Restore point a descriptive name and click on Create.
    6. You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
    7. Click OK again to close the System Protection window. Then close Control Panel.
    Don't clear infected System Restore points before creating a new System Restore point first!
    1. Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
    2. Select your C drive and click OK.
    3. Select the More Options tab.
    4. Under System Restore and Shadow Copies, click on the Clean up... button.
    5. You'll receive a prompt. Click on Delete to delete the old System Restore points.
    6. When it's done, click OK. You'll receive another prompt. Click Delete Files to confirm.
    7. When it's done, Disk Cleanup will automatically close.






This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 354.5K Banking & Borrowing
  • 254.4K Reduce Debt & Boost Income
  • 455.4K Spending & Discounts
  • 247.4K Work, Benefits & Business
  • 604.2K Mortgages, Homes & Bills
  • 178.5K Life & Family
  • 261.6K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture