
I Have That AIM Virus (bestfriends.scr)

I accidentally downloaded bestfriends.scr, an AIM virus... typical names for it are AOLMSNGR.exe or YAHOOMSG.exe, and I can't find either in my system32 folder... I searched on Google... I figured out how to delete it and where it would be, but all the file names they said it should be under AREN'T there. 07-06-2004, 03:06

I would really appreciate any help! But the virus is still there after all this." Of course it's still there, you only ran malware removal programs. xdfimv.exe in "C:\WINDOWS\System32" 5. After you check the files and remove them, wait 10 seconds and have it scan again.

I have split off the latest posts into their own threads. I ran hijackthis but did not see any of the files you mentioned but did notice this one "O4 - HKCU\..\RunOnce: [AOL Messenger] AOLMSNGR.EXE" looked similar to the one on jordan24s

Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 -

I have tried the removal instructions on both webpages, but am unable to do it, it's not working out.

Here's my log..any help would be deeply appreciated. When completed, close HijackThis and reboot your computer.

Run hijackthis again and put a checkmark against these entries... double check in case you miss anything... then, close all browser and outlook windows including this one and "fix checked" O4 - HKLM\..\Run: When all are checked, click "Fix checked". If you see an item claiming to be "SECUREANTIVIRUS.EXE" and you never installed any such thing, then that's probably it.

Also anything that said aolmessenger. Thank you!

Logfile of HijackThis v1.97.7
Scan saved at 10:05:30 PM, on 10/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1.1\DefWatch.exe
C:\PROGRA~1\SYMANT~1.1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DELL\AccessDirect\DadTray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP

Please help! I posted my results below. There is a snort rule for it. Any suggestions? 0 TheBaron Austin, TX Jun 2004 edited Jun 2004 F8 gets your comp into safemode.

USA Posts: 762 Just delete anything created on the day you got the virus.. I also cannot run 'msconfig' to start my computer in safe mode. Please do NOT select "open" when you click the link, but save it to your hard drive, preferably to your desktop so that you can find it later. 2) Run the

  • Make sure all are updated before doing any scans.
  • Gadi supplies the following snort signatures and report of his detective work: Snort: alert tcp any any -> any any (msg:"suspected botnet/educause by Gadi Evron"; content: "Albany.NYC.Greenpeace.org";) alert tcp $HOME_NET any
  • JohnD- I ran adaware (in full scan in safe mode), Spybot, CWShredder, and spyblast and spyguard are also on
  • It's nice to know there's people out there as helpful as you.
  • There is a snort rule for it. If you notice traffic going to 81.91.66.220, you probably have infected hosts.
  • If you have Windows 2000 or XP: 1.
  • flyguyjm, Jul 3, 2004 #7

Now choose "apply to all folders" and click apply. Take a look at the first post (READ THIS FIRST...) in this forum for some steps to take Assuming you have followed these steps correctly, you should now be rid of the problem. IMPORTANT: If you are seeing many other effects like excessive pop-ups, "adult links" and extra toolbars in your Internet Explorer, the virus has also installed other programs called spyware and adware.

This virus not only interferes with AIM, but also prevents task manager, regedit, or msconfig from staying open. To remove this file for good, boot Windows into safe mode, select Start/Run and type "cmd" (without quotes) into the new dialog box and hit "Ok". Started at 11:00 AM Eastern today. -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason Brooks Sent: Friday, January 21, 2005 1:19


Cam Beasley Sr. Started at 11:00 AM Eastern today. -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:[log in to unmask]] On

Run another HijackThis and post the new log. Posted by Kimbo1124 07-04-2004 05:20 PM, Message 5 of 11, Re: bestfriends.scr virus- I contacted the church that owns cbcica.org and let them know, and it was taken down. I read some removal instructions saying to get rid of anything that had anything related to yahoo.