DISQUS

Hello! Tech-Recipes is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

www.tech-recipes.com/ Jump to website »

Subscribe
- New Comments
Community
Top Commenters
- davak
  76 comments · 1 points
- shamanstears
  26 comments · 1 points
- Quinn McHenry
  23 comments · 2 points
- seamonkey420
  18 comments · 1 points
- flexinfo
  11 comments · 1 points
Popular Threads
- Firefox 3.5: How to Disable Location-Aware Browsing
  21 hours ago · 1 comment
- Using iPhone 3G S Voice Control Commands
  1 week ago · 7 comments
- iPhone 3.0: Show Battery Percentage
  1 week ago · 7 comments
- Windows 7: How to Reset the Recycle Bin
  6 days ago · 1 comment
- Windows 7: Make Aero Perform Faster
  2 weeks ago · 2 comments
Recent Comments
- Thank you so much
  1 hour ago by dual006
  
  in Vista: 800A0046. Permission denied. VBScript runtime error | Microsoft Vista | Tech-Recipes
- hey
  2 hours ago by mitch
  
  in MySpace: Hack to Dowload Any Song on Myspace | MySpace | Tech-Recipes
- Thanks mate, Just what I was looking for. It seemed to be a different way of doing things in Leopard than previous versions. Cheers, Mitch
  4 hours ago by Mitch
  
  in OS X: Change your PATH environment variable | Mac system administration | Tech-Recipes
- thanks, i couldnt remember.
  4 hours ago by Goddo
  
  in XP/Vista: View and change the computer name, domain, and workgroup settings | Windows | Tech-Recipes
- I did this in Garage band, but if forced me to trip the song to 8 seconds in order to send it to itunes ringtones - any ideas on this? Using the new 3GS.
  4 hours ago by dofo
  
  in iPhone: How to Create Free Ringtones | Apple iPhone | Tech-Recipes

Tech-Recipes

Cookbook of Tech Tutorials

Jump to original thread »

AIM: Best Friends / Away Message AIM Virus, Trojan, and Backdoor | Instant messaging | Tech-Recipes

Started by qdideas · 9 months ago

No excerpt available. Jump to website »

113 comments

Anonymous
4 years ago

I have this virus and i tried to follow what you say to do. The only problem is when i click for task manager, it only comes up for a second and then it disappears. It just won't stay up no matter how i pull it up! And the website you gave doesn't work. I've done a search and "run" for all the files that you say to look for and it can't find it... but i know you're talking about the same virus because it is exactly what i have! So please, Help me more! Email me at Asher689@hotmail.com PLEASE! This virus is really stressing me out and i've had it for about a month now. I've done tons of virus scans and i just can't get rid of it!

reply

Anonymous
4 years ago

I am having the exact same problem. REgedit and task manager will not open.

reply

guest
4 years ago

help me this virus is screwing my comp. i have the same problems of all of u

reply

MickeyMouse
4 years ago

The virus above has been edited and renamed by multiple different people. There is no way that I know to list all the potential names of files that you should be looking for. Examples:

<ul>tgbot_pecompact.exe
tgbot_upx_packed.exe
tgbot_upx_unpacked.exe
yahoomsgr.exe
7a938e2392b773c3f11b0952732b244a.exe
backdoor.spyboter.as.exe
backdoor.spyboter.gen[2].exe
aolmsngr.exe
zopytlrs.exe
msginav.exe
netdll.exe
netstatt.exe</ul>
If you can't use the task manager, then you won't be able to gain access to them to delete them anyway.

I am not going to reinstall this virus again to figure it out for you, so you guys are going to have to help me.

Has anybody tried rebooting into safe mode and using the recipe above?
Try one of these to get a working copy of taskmanager:
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
http://www.dougknox.com/xp/utils/xp_emerutils.htm

Let us know if you get your system fixed.

reply

davak
4 years ago

Great idea, Mickey. As many people probably do not know what is happening to their system, I am going to post a related recipe on this new advice. Those little freeware progies rock.

The new recipe is here:
http://www.tech-recipes.com/windows_tips648.html

reply

blonde5224
4 years ago

i give up.. i did everything you guys said and i get all the way to the system32 file and there is no aolmsngr.exe fiel at all.. i dont know why but its not fair and my computer is driving me crazy!!! :cry:

reply

Yo
4 years ago

OKOK DONT CRY!
Just download aimfix
http://www.jayloden.com/VirusClean.htm

reply

dafluffyjoe@yahoo.com
4 years ago

Last night and early into this morning a couple friends of mine had the same virus problem. My friend Chelsea got infected somehow and people clicked the link in her away message (hijacked away message) and it installed the virus on there computer. Its posing as a screen saver from the show friends. After seeing the file type and knowing it was an AIM virus I tried to warn people not to download, but there sheep :-/ . For me I installed it 3 times to figure it out. First off I have a firewall, and by blocking it from getting internet access it stops it. Ex. If you have a firewall, install the program, it asks for access to the internet and you deny. That will stop it overall. In XP I found that it went into several of my drivers containing Friends in the name. I run on Windows XP. Now, I manually searched it out and deleted several versions.
So far other than the recipe for deleting already I have found this works SOME of the time on 2000 pro and XP's.

First, find the original file and delete it... Or better yet, rename it to a txt. type of file.

Secondly, do several computer searches through the start menu, search for all files and folders; search for every word in the original file name individually, dont be lazy and search for the whole thing!

Thirdly, delete all those files and after all have been deleted and you double checked they stayed deleted, empty the recycle been if you already havent and pull your comps plug, or hold down power so they dont come back when saving your settings in Windows.

Boot up and dont access the internet right away. Search for all the files again and make sure they havent come back. Now go onto the internet and download the Zone Alarms firewall. Log off of the internet and install. Do a virus scan with as many virus programs as you can find... Free ones usually work, search for the files again and delete if necessary. Then log onto the internet. Make sure Zone alarms security is as high as possible, and dont let anything default access! If anything like aimsrg.exe or something that says AIM that you know isnt the AIM program trys to access then dont let it access :)

Goodluck!

reply

YO
4 years ago

OK
http://www.jayloden.com/VirusClean.htm
IT KILLS aLL AIM VIRUSES

reply

Guest
4 years ago

<ul id="quote"><h6>YO wrote:</h6>OK
http://www.jayloden.com/VirusClean.htm
IT KILLS aLL AIM VIRUSES</ul>

THANKS!!
U saved me alot of time.
i didnt want to follow the manual ways..
kinda long

reply

Anonymous
4 years ago

*Crying* people i tthink i really give up.. i was so excited i worked for hours with what you guys told me.. and i thought for sure i was in the clear bcus i hadnt seen the away message in days... i even helped all my friends get rid of theirs by sending them your guys link.. but somehow the virus had just been "in hiding" or something bcus it returned today.. pop up away note and all.. i even tried that AIMFIX thing that worked for everyone.. just not me =*(

reply

davak
4 years ago

<ul id="quote"><h6>Anonymous wrote:</h6>*Crying* people i tthink i really give up.. i was so excited i worked for hours with what you guys told me.. and i thought for sure i was in the clear bcus i hadnt seen the away message in days... i even helped all my friends get rid of theirs by sending them your guys link.. but somehow the virus had just been "in hiding" or something bcus it returned today.. pop up away note and all.. i even tried that AIMFIX thing that worked for everyone.. just not me =*(</ul>

Download hijack this...
http://www.richardthelionhearted.com/~merijn/downloads.html

Create a new thread and post your log file in our spyware forum.

Log files posted to this thread will be deleted. These clean outs get too confusing with multiple people posting log files...

Maybe one of us can help you.

reply

Anonymous
4 years ago

ok i downloaded hijackthis.. now where do i go from here?

reply

Anonymous
4 years ago

:x it wont let me do ctrl alt delete so ur effin rong

reply

AirLamps
4 years ago

I am trying to do that Alt+Ctrl+Del to get rid of the trojan virus, but everytime i do it, the window goes away. If the virus is making the indow disapear, how can i get rid of it?

reply

davak
4 years ago

<ul id="quote"><h6>AirLamps wrote:</h6>I am trying to do that Alt+Ctrl+Del to get rid of the trojan virus, but everytime i do it, the window goes away. If the virus is making the indow disapear, how can i get rid of it?</ul>

Read this:
http://www.tech-recipes.com/windows_tips648.html

reply

guest
4 years ago

I HAVE THE SAME DAMN PROBLEM AND NOTHIN WORKS SOMEONE HELP

reply

allie
4 years ago

i also have the Best Friends virus :cry: and I ran the HijackThis program and I was wondering if someone could take a look at my results and tell me what to delete....thanks! :D

Logfile of HijackThis v1.97.7
Scan saved at 9:20:23 PM, on 9/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32gearsec.exe
C:WINDOWSsystem32HPConfig.exe
C:Program FilesHPQNotebook UtilitiesHPWirelessMgr.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusSAVScan.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesHPQOne-TouchOneTouch.EXE
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesHPHP Software UpdateHPWuSchd.exe
C:WINDOWSSystem32hphmon05.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesRoxioEasy CD Creator 6DragToDiscDrgToDsc.exe
C:WINDOWSSystem32carpserv.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb08.exe
C:Program FilesUlead SystemsUlead Photo Explorer 8.0 SE BasicMonitor.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSSystem32ELIMIEXPLORER.EXE
C:WINDOWSSystem32dp-him.exe
C:documents and settingsallisonlocal settingstempNb.exe
C:Program FilesWinad ClientWinad.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesWinad ClientWinClt.exe
C:PROGRA~1AWSWEATHE~1Weather.exe
C:Documents and SettingsAllisonApplication Dataamee.exe
C:PROGRA~1Web Offerwo.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:WINDOWSSystem32RUNDLL32.exe
C:Documents and SettingsAllisonLocal SettingsTempTemporary Directory 1 for hjt.zipHijackThis.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32notepad.exe
C:Program FilesAIMaim.exe
C:Program FilesInternet Exploreriexplore.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie...
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://yahoo.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={S...
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie...
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp...
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie...
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,Shellnext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp...
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie...
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie...
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: BrowserAngel Sidepanel - {D6CA5D91-5EA2-4654-9B75-499267012611} - C:Program FilesSearchLocatesidebar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {49A83909-9A32-04C4-8605-645504A0733E} - C:WINDOWSSystem32wccetxz.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:PROGRA~1COMMON~1WinToolsWToolsB.dll (file missing)
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:WINDOWSSystem32nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:Program FilesSEPsep.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:WINDOWSSystem32mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:Documents and SettingsAllisonLocal SettingsTempK5.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:WINDOWSSystem32msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:Program FilesSEPsep.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:Program FilesAIM ToolbarAIMBar.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: BA Toolbar - {952EC978-4920-4F18-8237-91D69B54C580} - C:Program FilesSearchLocatesidebar.dll
O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [TV Now] C:Program FilesHPQNotebook UtilitiesTvNow.exe /RK
O4 - HKLM..Run: [Display Settings] C:Program FilesHPQNotebook Utilitieshptasks.exe /s
O4 - HKLM..Run: [QT4HPOT] C:Program FilesHPQOne-TouchOneTouch.EXE
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHPHP Software UpdateHPWuSchd.exe"
O4 - HKLM..Run: [HPHUPD05] c:Program FilesHP{45B6180B-DCAB-4093-8EE8-6164457517F0}hphupd05.exe
O4 - HKLM..Run: [HPHmon05] C:WINDOWSSystem32hphmon05.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [NAV CfgWiz] C:Program FilesCommon FilesSymantec SharedCfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM..Run: [RoxioEngineUtility] "C:Program FilesCommon FilesRoxio SharedSystemEngUtil.exe"
O4 - HKLM..Run: [RoxioDragToDisc] "C:Program FilesRoxioEasy CD Creator 6DragToDiscDrgToDsc.exe"
O4 - HKLM..Run: [Cpqset] C:Program FilesHPQDefault Settingscpqset.exe
O4 - HKLM..Run: [CARPService] carpserv.exe
O4 - HKLM..Run: [WildTangent CDA] RUNDLL32.exe "C:Program FilesWildTangentAppsCDAcdaEngine0400.dll",cdaEngineMain
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb08.exe
O4 - HKLM..Run: [Ulead AutoDetector] C:Program FilesUlead SystemsUlead Photo Explorer 8.0 SE BasicMonitor.exe
O4 - HKLM..Run: [4S2NSLA3QS#366] C:WINDOWSSystem32Uah05H5X.exe
O4 - HKLM..Run: [STOPzilla] "C:Program FilesSTOPzilla!Stopzilla.exe" /autorun
O4 - HKLM..Run: [ViewMgr] C:Program FilesViewpointViewpoint ManagerViewMgr.exe
O4 - HKLM..Run: [WinTools] C:Program FilesCommon FilesWinToolsWToolsA.exe
O4 - HKLM..Run: [MS Decryption Software] C:active.exe
O4 - HKLM..Run: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - HKLM..Run: [Bakra] C:WINDOWSSystem32IEHost.exe
O4 - HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkbinbargains.exe
O4 - HKLM..Run: [Nb] C:documents and settingsallisonlocal settingstempNb.exe
O4 - HKLM..Run: [rbklopt] C:WINDOWSSystem32oefwal.exe
O4 - HKLM..Run: [tE7h34e] webwvdrv.exe
O4 - HKLM..Run: [v9e9LQ] C:documents and settingsallisonlocal settingstempv9e9LQ.exe
O4 - HKLM..Run: [Wast] C:WINDOWSwast2.exe 2
O4 - HKLM..Run: [WebRebates0] C:Program FilesWeb_RebatesWebRebates0.exe
O4 - HKLM..Run: [WhenUSearch] "C:Program FilesWhenUSearchSearch.exe"
O4 - HKLM..Run: [Winad Client] C:Program FilesWinad ClientWinad.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Weather] C:PROGRA~1AWSWEATHE~1Weather.exe 1
O4 - HKCU..Run: [Aaou] C:Documents and SettingsAllisonApplication Dataamee.exe
O4 - HKCU..Run: [cponRQK2h] wldppcmp.exe
O4 - HKCU..Run: [eZWO] C:PROGRA~1Web Offerwo.exe
O4 - HKCU..Run: [Xapfwum] C:WINDOWSSystem32zpnq.exe
O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl
O4 - HKCU..RunOnce: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:Program FilesAIM ToolbarAIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US& c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=i... 907e4148fd1d29fad859e525ad8568bdc3764094eb7f91045542a37d088d79e68c7 12ee227e98860cf4b1e32:120063 d13f3d84912076874f6c66d459
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/trickle...
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://141.165.32.35/activex/AxisCamControl.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstalle...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/...

reply

lisa
4 years ago

I downloaded Hijack this and this is my log. My daughter admitted to clicking on the IM away link and now every 2 minutes AIM attempts to load and it is driving me crazy. CTRL Alt Delete is not working, I also downloaded procexpnt and tried to manually get rid of it. Help, does anyone know anything about this log?
ogfile of HijackThis v1.98.2
Scan saved at 10:26:31 PM, on 9/9/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTCpqdiagCpqdfwag.exe
C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
C:WINNTSystem32svchost.exe
C:WINNTSystem32NMSSvc.exe
C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe
C:WINNTsystem32regsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTSYSTEM32ZoneLabsvsmon.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.EXE
C:WINNTsystem32hkcmd.exe
C:Program FilesAnalog DevicesSoundMAXSmtray.exe
C:Program FilesCOMPAQEasy Access Button SupportStartEAK.exe
C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesWinad ClientWinad.exe
C:WINNTsystem32MSCRON.EXE
C:Program FilesWinad ClientWinClt.exe
C:WINNTsystem32nbzkrw.exe
C:active.exe
C:Program FilesCompaqEasy Access Button SupportCPQEADM.EXE
C:CompaqEAKDRVEAUSBKBD.EXE
C:PROGRA~1CompaqEASYAC~1BttnServ.exe
C:Program FilesWeb_RebatesWebRebates1.exe
C:WINNTSYSTEM32ElimiExplorer.exe
C:WINNTSystem32svchost.exe
C:PROGRA~1MICROS~2Office10WINWORD.EXE
C:Program FilesWeb_RebatesWebRebates0.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesAIMaim.exe
C:Documents and SettingsAdministratorMy DocumentsHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:WINNTsystem32nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:WINNTsystem32mscb.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:Program FilesNavExcel Search ToolbarNavExcelBar.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:WINNTsystem32msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTsystem32msdxm.ocx
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:Program FilesNavExcel Search ToolbarNavExcelBar.dll
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [IgfxTray] C:WINNTsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINNTsystem32hkcmd.exe
O4 - HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSmtray.exe
O4 - HKLM..Run: [CPQEASYACC] C:Program FilesCOMPAQEasy Access Button SupportStartEAK.exe
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
O4 - HKLM..Run: [Zone Labs Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [ViewMgr] C:Program FilesViewpointViewpoint ManagerViewMgr.exe
O4 - HKLM..Run: [Winad Client] C:Program FilesWinad ClientWinad.exe
O4 - HKLM..Run: [Microsoft CronD Service] MSCRON.EXE
O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 - HKLM..Run: [nzjebgren] C:WINNTsystem32nbzkrw.exe
O4 - HKLM..Run: [MS Decryption Software] C:active.exe
O4 - HKLM..Run: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - HKLM..RunServices: [CPQDFWAG] C:WINNTCpqdiagCpqDfwAg.exe
O4 - HKCU..Run: [areslite] "C:Program FilesAres Lite EditionAresLite.exe" -h
O4 - HKCU..RunOnce: [Microsoft CronD Service] MSCRON.EXE
O4 - HKCU..RunOnce: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINNTsystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINNTsystem32msjava.dll

reply

davak
4 years ago

Allie!
C:documents and settingsallisonlocal settingstempNb.exe

Known backdoor.

C:Program FilesWinad ClientWinad.exe
C:Program FilesWinad ClientWinClt.exe

Spyware

C:PROGRA~1Web Offerwo.exe

Spyware

------------------------------

You obviously have a very sick computer. I just highlighted the ones that jumped out at me. I would tackle/delete NB.exe first.

Download spybot at http://www.safer-networking.org/en/index.html

Let us know if that helps! Try to keep us updated.

reply

davak
4 years ago

C:Program FilesWinad ClientWinad.exe

SPY

C:WINNTsystem32MSCRON.EXE

?

C:Program FilesWinad ClientWinClt.exe

Spy

C:WINNTsystem32nbzkrw.exe

Likely spy, spy, trojan...

C:active.exe

Backdoor.Hornet
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hornet.html

---------------------

Lisa... here are the files that are jumping out at me. Read the urls noted above, delete the evil ones noted above, and run some spyware removal.
http://www.safer-networking.org/en/index.html

Let us know how you are doing...

reply

davak
4 years ago

Please start a new forum thread when posting hijack this files.

Cleaning a system like this requires a lot of work... by starting a new forum post we can keep it straight.

Also, before posting your file, please run an updated anti-virus and at least one or two anti spyware programs. This will help reduce that amount of junk that you have in your system... and make our jobs easier.

spybot - http://www.safer-networking.org/en/index.html
adaware - http://www.lavasoftusa.com/software/adaware/
avg free antivirus - http://free.grisoft.com/freeweb.php

Thanks!

reply

Anonymous
4 years ago

<ul id="quote"><h6>davak wrote:</h6>Allie!
C:documents and settingsallisonlocal settingstempNb.exe

Known backdoor.

C:Program FilesWinad ClientWinad.exe
C:Program FilesWinad ClientWinClt.exe

Spyware

C:PROGRA~1Web Offerwo.exe

Spyware

------------------------------

You obviously have a very sick computer. I just highlighted the ones that jumped out at me. I would tackle/delete NB.exe first.

Download spybot at http://www.safer-networking.org/en/index.html

Let us know if that helps! Try to keep us updated.</ul>

Thanks so much...it seems to be doing better now. I was losing hope because I dowloaded AimFix and SpyBot and niether of them caught what it was....so thank you soooo much for helping me out! I'll let you know if there are any other problems. :D --Allie

reply

fitz
4 years ago

oh my god, this virus won't go away. i've tried aim fix (it closes each time it tries to run), checked system 32, done about 4 virus scans in the last 12 hours, downloaded that program to replace task manager, etc etc etc. helppppp.

reply

guest - lisa
4 years ago

Thanks for looking at the log I posted and alerting me to some problems. I have been able to delete active.exe, winnt/system32/nbzkrw.exe, and winnt/system32/MSCRON.exe; however, winad.exe will not allow me to delete. I went to grisoft and downloaded AVG free, but I am having problems installing it. I get an error that says "The system file is not suitable for running MS-DOS and Microsoft Windows applications" "Choose close to terminate the application" My computer is a Compaq EVO running Windows XP. I also uninstalled AIM, was this necessary? Thanks for all your help!!!
smiles,
lisa

reply

fitz
4 years ago

<ul id="quote">here's my hijack this log...please help !</ul>
log file removed

Please start a new forum thread when posting hijack this files.

Cleaning a system like this requires a lot of work... by starting a new forum post we can keep it straight.

Also, before posting your file, please run an updated anti-virus and at least one or two anti spyware programs. This will help reduce that amount of junk that you have in your system... and make our jobs easier.

spybot - http://www.safer-networking.org/en/index.html
adaware - http://www.lavasoftusa.com/software/adaware/
avg free antivirus - http://free.grisoft.com/freeweb.php

Thanks!

reply

guest
4 years ago

i downloaded AIM fix and it didnt help.

reply

Anonymous
4 years ago

:( :( :( ...I'm back again. Things seemed to be fixed after I deleted the stuff you told me to delete but only a few hours later, the problem was back again. I don't know what to do now - I can't get rid of this thing! A couple of my friends have picked it up from me, also, because my AIM automatically signs itself online and puts up the away message without me knowing. I have uninstalled AIM for now but I'm in college and I need my computer to work for my papers and right now its basically inoperable. Please help! Thanks so much!! :D

PS - I'll post my HijackThis results again if it would help...

reply

Calientay314
4 years ago

Hey guys. I know and understnad all of your problems. I only had the virus for two days before realizing how to get rid of it...you need to download AIM fix...from http://www.jayloden.com/VirusClean.htm its soo easy...just download it and it will fix it in like 4 seconds. I was a little hestitant to download it..but its well worth it because now im back to using aim. Even though my Norton Anti Virus did not at first pick up the virus...after downloading AIMFIX it gave me a notice and deleted it right away. If this doesnt work for u...i dont know what will. Have a good day. :

reply

Anonymous
4 years ago

<ul id="quote"><h6>Calientay314 wrote:</h6>Hey guys. I know and understnad all of your problems. I only had the virus for two days before realizing how to get rid of it...you need to download AIM fix...from http://www.jayloden.com/VirusClean.htm its soo easy...just download it and it will fix it in like 4 seconds. I was a little hestitant to download it..but its well worth it because now im back to using aim. Even though my Norton Anti Virus did not at first pick up the virus...after downloading AIMFIX it gave me a notice and deleted it right away. If this doesnt work for u...i dont know what will. Have a good day. :</ul>

Doesn't work....tried it long ago :cry:

reply

davak
4 years ago

<ul id="quote"><h6>guest - lisa wrote:</h6>Thanks for looking at the log I posted and alerting me to some problems. I have been able to delete active.exe, winnt/system32/nbzkrw.exe, and winnt/system32/MSCRON.exe; however, winad.exe will not allow me to delete. I went to grisoft and downloaded AVG free, but I am having problems installing it. I get an error that says "The system file is not suitable for running MS-DOS and Microsoft Windows applications" "Choose close to terminate the application" My computer is a Compaq EVO running Windows XP. I also uninstalled AIM, was this necessary? Thanks for all your help!!!
smiles,
lisa</ul>

The new version of hijack this contains a process killer. Do this...
1. Open Hijack this
2. Click the Config button
3. Click Open Process Manager
4. Click on the following one by one and then press the Kill Process button
<ul>C:Program FilesWinad ClientWinad.exe
C:WINNTsystem32MSCRON.EXE
C:Program FilesWinad ClientWinClt.exe
C:WINNTsystem32nbzkrw.exe
C:active.exe </ul>

Likely you have already removed some of these. Once you do this, go and delete the files. Then install your antivirus and spy removal programs. Let us know if it works.

reply

davak
4 years ago

<ul id="quote"><h6>Anonymous wrote:</h6>:( :( :( ...I'm back again. Things seemed to be fixed after I deleted the stuff you told me to delete but only a few hours later, the problem was back again. I don't know what to do now - I can't get rid of this thing! A couple of my friends have picked it up from me, also, because my AIM automatically signs itself online and puts up the away message without me knowing. I have uninstalled AIM for now but I'm in college and I need my computer to work for my papers and right now its basically inoperable. Please help! Thanks so much!! :D

PS - I'll post my HijackThis results again if it would help...</ul>

Who is this? We have about a million guests! :)

reply

Allie
4 years ago

<ul id="quote"><h6>davak wrote:</h6></ul><ul id="quote"><h6>Anonymous wrote:</h6>:( :( :( ...I'm back again. Things seemed to be fixed after I deleted the stuff you told me to delete but only a few hours later, the problem was back again. I don't know what to do now - I can't get rid of this thing! A couple of my friends have picked it up from me, also, because my AIM automatically signs itself online and puts up the away message without me knowing. I have uninstalled AIM for now but I'm in college and I need my computer to work for my papers and right now its basically inoperable. Please help! Thanks so much!! :D

PS - I'll post my HijackThis results again if it would help...</ul>

Who is this? We have about a million guests! :)

Oh...sorry...this is Allie. I forgot to type my name... :oops: I'm using Trillian instead of AIM at the moment but the virus is still messing with my AIM and other parts of the computer....help!
Thanks, Allie :D

reply

davak
4 years ago

These are the things you need to use hijack this to fix.

First install hijack this into a real folder... and get the latest version. You are running an older version. You don't need it in a temp folder so it can make backups for you.

Boot into safe mode first.

Run hijack this and use the process killer to stop these processes. You can find the process killer in the configuration portion of the latest hijack this.

Kill these Running processes:
C:documents and settingsallisonlocal settingstempNb.exe
C:Program FilesWinad ClientWinad.exe
C:Program FilesWinad ClientWinClt.exe
C:Documents and SettingsAllisonApplication Dataamee.exe
C:PROGRA~1Web Offerwo.exe

Then go to your add/remove software section and remove winad if it shows up. Uninstall "WEB OFFER" as well.

Open explorer and show hidden files and folders
(Tools |Folder Options | View).

Now go and delete the files listed in the processes above.

Use Hijack this to "fix" these entries

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:PROGRA~1COMMON~1WinToolsWToolsB.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:Program FilesSEPsep.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:Documents and SettingsAllisonLocal SettingsTempK5.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:Program FilesSEPsep.dll
O4 - HKLM..Run: [WildTangent CDA] RUNDLL32.exe "C:Program FilesWildTangentAppsCDAcdaEngine0400.dll",cdaEngineMain
O4 - HKLM..Run: [4S2NSLA3QS#366] C:WINDOWSSystem32Uah05H5X.exe
O4 - HKLM..Run: [WinTools] C:Program FilesCommon FilesWinToolsWToolsA.exe
O4 - HKLM..Run: [MS Decryption Software] C:active.exe
O4 - HKLM..Run: [Bakra] C:WINDOWSSystem32IEHost.exe
O4 - HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkbinbargains.exe
O4 - HKLM..Run: [Nb] C:documents and settingsallisonlocal settingstempNb.exe
O4 - HKLM..Run: [rbklopt] C:WINDOWSSystem32oefwal.exe
O4 - HKLM..Run: [tE7h34e] webwvdrv.exe
O4 - HKLM..Run: [v9e9LQ] C:documents and settingsallisonlocal settingstempv9e9LQ.exe
O4 - HKLM..Run: [Wast] C:WINDOWSwast2.exe 2
O4 - HKLM..Run: [WebRebates0] C:Program FilesWeb_RebatesWebRebates0.exe
O4 - HKLM..Run: [WhenUSearch] "C:Program FilesWhenUSearchSearch.exe"
O4 - HKLM..Run: [Winad Client] C:Program FilesWinad ClientWinad.exe
O4 - HKCU..Run: [Aaou] C:Documents and SettingsAllisonApplication Dataamee.exe
O4 - HKCU..Run: [cponRQK2h] wldppcmp.exe
O4 - HKCU..Run: [eZWO] C:PROGRA~1Web Offerwo.exe
O4 - HKCU..Run: [Xapfwum] C:WINDOWSSystem32zpnq.exe
O2 - BHO: (no name) - {49A83909-9A32-04C4-8605-645504A0733E} - C:WINDOWSSystem32wccetxz.dll

As you can see, you have more spyware than real software. The odds of getting everything off without killing your system is getting smaller and smaller.

Delete these files next:

C:WINDOWSSystem32zpnq.exe
C:PROGRA~1Web Offerwo.exe
C:Documents and SettingsAllisonApplication Dataamee.exe
C:Program FilesWinad ClientWinad.exe
C:Program FilesWhenUSearchSearch.exe
C:documents and settingsallisonlocal settingstempv9e9LQ.exe
C:WINDOWSSystem32Uah05H5X.exe
C:Program FilesCommon FilesWinToolsWToolsA.exe
C:active.exe
C:WINDOWSSystem32IEHost.exe
C:Program FilesBullsEye Networkbinbargains.exe
C:documents and settingsallisonlocal settingstempNb.exe

Now run spybot and adaware... and anything else you got that might help.
http://www.tech-recipes.com/windows_tips674.html

Let us know how you are doing!

reply

amber
4 years ago

this virus is driving me f'n crazyy ! i tried everythinggg.. the jay loden thingg.. a virus scann.. nd the crtl alt dlt thing.. it wont f'n workk ! helpp me outt heree !!!! :x :x :x :x :evil: :evil: :evil: :evil:

reply

Anonymous
4 years ago

<ul id="quote"><h6>Guest wrote:</h6></ul><ul id="quote"><h6>YO wrote:</h6>OK
http://www.jayloden.com/VirusClean.htm
IT KILLS aLL AIM VIRUSES</ul>

THANKS!!
U saved me alot of time.
i didnt want to follow the manual ways..
kinda long

The message I received was "Unable to open processes to terminate"

what next?

reply

davak
4 years ago

<ul id="quote"><h6>Anonymous wrote:</h6></ul><ul id="quote"><h6>Guest wrote:</h6></ul><ul id="quote"><h6>YO wrote:</h6>OK
http://www.jayloden.com/VirusClean.htm
IT KILLS aLL AIM VIRUSES</ul>

THANKS!!
U saved me alot of time.
i didnt want to follow the manual ways..
kinda long

The message I received was "Unable to open processes to terminate"

what next?

First... have you tried to boot to safe mode and then try the above steps?

Second... have you tried installing this program?
http://www.sysinternals.com/ntw2k/freeware/proc...

You can use it instead of ctrl-alt-del to kill processes.

You can even install hijack this and paste the log into a new forum thread.

Whining without giving us any information will not help.

reply

Anonymous
4 years ago

there is only one solution
u must use "system restore" in contol panel

reply

Anonymous
4 years ago

I DID IT!!!

u should not do this if u have done something very important on ur computer lately.

go into contol panel
pick performance and matinance
on the top left, it should say system restore
this program lets you set back your computer exactly as it was at a differerent time
choose a couple days before u got the virus

reply

MickeyMouse
4 years ago

<ul id="quote"><h6>Anonymous wrote:</h6>I DID IT!!!

u should not do this if u have done something very important on ur computer lately.

go into contol panel
pick performance and matinance
on the top left, it should say system restore
this program lets you set back your computer exactly as it was at a differerent time
choose a couple days before u got the virus</ul>

Sweet! This is one of the recommendations in Davak's general spyware removal hint sheet:

http://www.tech-recipes.com/windows_tips674.html

reply

Anonymous
4 years ago

<ul id="quote"><h6>Anonymous wrote:</h6>I am having the exact same problem. REgedit and task manager will not open.</ul>

reply

Anonymous
4 years ago

if your rededit / taskmgr aren't working, here is a little tip that I learned to get it to work temoporarily.

go into the c:/windows/system32 folder and find the filename for the program you want to run that isn't working correctly. copy the file to the same location and rename it with a .com extention instead of a .exe . Some viruses out there are killing the .exe processes, but aren't accounting for a .com extention.

reply

Anonymous
4 years ago

<ul id="quote"><h6>Anonymous wrote:</h6>I am having the exact same problem. REgedit and task manager will not open.</ul>

reply

Anonymous
4 years ago

http://geocities.com/cumquat18/elimiexplorer.html

getting the virus off of your computer

reply

Anonymous
4 years ago

I had the same virus, so I wrote a little "self help", i'll copy + paste it here, instead of the link b/c i'm sure people are wary of clicking links

(my AIM is fsck you trebek if you need more help)

So, you or someone that uses your computer clicked on the Aol Instant Messenger profile that had "OMFG my best friends are soo good looking" or "i never knew myself untill...." or whatever!
your task manager disappears? you can't run regedit (get into your registry)? you can't run msconfig (to reboot into safemode) ?
you've got a virus!
Norton's, McAfee, anti-virus scans, etc won't help you here (yet).
What you need to do is go and download what's called "Process Explorer" here http://www.sysinternals.com/ntw2k/freeware/proc...
Run it, and terminate the process called "ElimiExplorer.exe"
Than, go into your System32 Folder C:/Windows/System32 (make sure you can view your hidden folders, to do that: go into System32, click on TOOLS, than FOLDER OPTIONS, than click on the tab VIEW, than go to where it says "SHOW HIDDEN FILES/FOLDERS" and make sure the bullet next to it is highlited"
than, look for a program called "ElimiExplorer.exe" DELETE IT. than, also look for a file called keylog.exe DELETE IT. than, on your taskbar go to START---->RUN---->regedit than EDIT (at the top) ---->FIND---> than type in ElimiExplorer.exe when it finds it, next to ElimiExplorer.exe it will say "Popup Killer" IT LIED. it's just a ploy to get you to not delete it. DELETE IT. than empty your recycle bin. than, to be safe, go to START (on your taskbar)--->SEARCH ...files/folders....than type in ElimiExplorer.exe (after you've emptied your recycle bin) to make sure it's not on your computer anymore WALAH you're done! :-D

(begging snipped)

Mod Edit: Great advice... but no begging for donations.

reply

davak
4 years ago

Good advice... there are several problems with this bug. First of all, it is usually packaged with multiple other bugs... so just cleaning off elimiexplorer will not clear the problem.

Here is how I would handle it on an xp machine:

<ul>1. click start
2. click run
3. in textbox type cmd and click ok
4. in the command window enter tskill ElimiExplorer.exe
5. in the command window enter attrib c:windowssystem32elimiexplorer.exe -r -s -h
6. in the command window enter del c:windowssystem32elimiexplorer.exe
7. in the command window enter exit
8. Then I would run several of the spyware removal systems described here:
Spyware and Malware Removal - Links and Hints</ul>
The goal should always be to do enough manually to be able to get your spyware programs where they can work.

Booting into safe mode before running a spyware cleaner in a known infected system is a good way of increasing your chances it will work as well.

reply

Anonymous
4 years ago

please if anyone has any new methods or reformed old ones please help me out.. i just dont want to give up on my aim quite yet.. but im goin psycho!!! :(

reply

Anonymous
4 years ago

<ul id="quote"><h6>YO wrote:</h6>OK
http://www.jayloden.com/VirusClean.htm
IT KILLS aLL AIM VIRUSES</ul>

reply

Anonymous
4 years ago

<ul id="quote"><h6>Anonymous wrote:</h6>please if anyone has any new methods or reformed old ones please help me out.. i just dont want to give up on my aim quite yet.. but im goin psycho!!! :(</ul>

http://www.geocities.com/cumquat18/elimiexplore...

FOLLOW THE DIRECTIONS EXACTLY

if that doesn't work, IM me fsck you trebek

reply

Anonymous
4 years ago

everyone i would like to deeply thank each and every one of you for your time and effort in trying to help me fix my computer.. after 2 weeks of strenuous battle i have finally won the war!! thats right i am officially rid of my virus and oh so proud although i would not have been able to do it without all your help.. i tried all the methods listed (basically) and can tell you that in the end the system restore method is the best way to go.. its not too complicated or confusing.. you can undo it if youd like.. and it takes you back to that wonderful time in youur life without the virus... LADIES AND GENTS.. its as simple as 1. control panel 2. performance and maintence 3. left corner it says SEE ALSO.. click system restore 4. follow the instructions and pick a date in which your computer and you were still friends 5. the computer takes over and you are in anti virus haven

NO ONE CLICK ANY LINKS EVER AGAIN!! lol from my new found experience i would just like to say to eveyone dont click any links that are a SMIDGE suspcious and dont lead to a direct site that you are familiar of.. be careful of the internet world its DANGEROUS!! any problems feel free to email me at babybluedreamz@aol.com bcus i want to help anyone with the problem i had.. dont commit suicide over this guys.. i got ur back.. and thanks to the host of the website you ROCK my SOCKS!!

reply

Anonymous
4 years ago

i had the virus i got rid of it heres how download process explorer http://www.sysinternals.com/ntw2k/freeware/proc... there and that will stop ur windows task manger to disapper nd then u can get rid of the virus :D

reply

Anonymous
4 years ago

can sum one plz list for me all the things tat i should get rid of

reply

Anonymous
4 years ago

this virus is apparantly also naming itself 'icqlite.exe' in the system32 folder ..

i had it running and i knew it was BS because i don't use icq .
if people can't find the other filenames, try that .

reply

Natalie
4 years ago

I think I got rid of the virus through AIMfix, because my aol instant messenger is fine. However, for some reason I can't access my gmail or school account. This has to be related to the virus, because it started happening right after I got it. Anyway, when I try to log-in to my e-mail it just keeps saying, "redirecting"... then a yellow caution triangle shows up and says something about a cookie. (this is happening to my friends who have the virus as well...) Any thoughts?

reply

Anonymous
4 years ago

hey "yo" u are the man thank you very much! :D

reply

guest
4 years ago

go to

START
SEARCH
FOR FILES OR FOLDERS
'type in "friends" and depet anything you dont recognize!!

its that easy!!

reply

Anonymous
4 years ago

Someone recently IMed me while I had an away message... Didn't know who it was. Screen name was like sweetbutfunchic.. I don't remember... Anyways I looked at their profile and it was a regular profile. So i wasn't suspicious of anything. 10 minutes later my computer restarted itself. When it reloaded it was running really slow and when I looked at the process tree aim.exe was making my processor run at 100% continiously. I ran ad-aware and Norton 2004 and it detected nothing. Also when I would end the aim.exe process tree my computer would automatically turn off. So what I did when I restarted my comp was end the aim.exe process tree as soon as it came up and I am able to use my comp but I havn't tried to open aim back up yet... Sorry for the long story...

reply

TR250
4 years ago

thanks for the aim virus killer. worked great!

reply

guest
4 years ago

<ul id="quote"><h6>Yo wrote:</h6>OKOK DONT CRY!
Just download aimfix
http://www.jayloden.com/VirusClean.htm</ul>

thank you so much i had the pop up away message that read http://www.shade tree service.com/best frien ds.scr the jayloden virus clean cleared it you dont know how appreciative i am

Editor:
added spaces in the url so that it wouldn't be a link.

reply

Constance
4 years ago

<ul id="quote"><h6>Natalie wrote:</h6>I think I got rid of the virus through AIMfix, because my aol instant messenger is fine. However, for some reason I can't access my gmail or school account. This has to be related to the virus, because it started happening right after I got it. Anyway, when I try to log-in to my e-mail it just keeps saying, "redirecting"... then a yellow caution triangle shows up and says something about a cookie. (this is happening to my friends who have the virus as well...) Any thoughts?</ul>

THAT IS EXACTLY WHAT IS HAPPENING TO ME, I CANT CHECK MY EMAIL AT ALL! please, i would be so grateful if someone helps me!!! my IM is ilovedeedzy32

reply

scnwoo16
4 years ago

the link and control panel won't work/stay open for me to try to remove these files...what do i do now?

reply

Anonymous
4 years ago

is nvsvc32.exe bad?

reply

MickeyMouse
4 years ago

<ul id="quote"><h6>Anonymous wrote:</h6>is nvsvc32.exe bad?</ul>

No. It's part of your NVIDIA drivers.

reply

pinkbubblez44
4 years ago

When i got the Best Friend Virus, I quickly got annoyed by it. Then all my friends started to get and we all just wanted it to die. Message after message for hours and hours.... we lived thru a day of that. After a day we found this website. It makes it go away!!!! It really works. So thank you whoever came up with it!!!!! Its a life saver!! http://www.jayloden.com/VirusClean.htm
:lol:
Always and Forever, *Amber*

reply

Anonymous
4 years ago

aimfix is saying there is no virus found on my computer!! what do i do?? I have the same problem as everyone else on this site!

reply

Matt
4 years ago

<ul id="quote"><h6>Constance wrote:</h6></ul><ul id="quote"><h6>Natalie wrote:</h6>I think I got rid of the virus through AIMfix, because my aol instant messenger is fine. However, for some reason I can't access my gmail or school account. This has to be related to the virus, because it started happening right after I got it. Anyway, when I try to log-in to my e-mail it just keeps saying, "redirecting"... then a yellow caution triangle shows up and says something about a cookie. (this is happening to my friends who have the virus as well...) Any thoughts?</ul>

THAT IS EXACTLY WHAT IS HAPPENING TO ME, I CANT CHECK MY EMAIL AT ALL! please, i would be so grateful if someone helps me!!! my IM is ilovedeedzy32

I'm having the same exact problem...Someone please help me I need to access my email account for school........

reply

Beth
4 years ago

You probably want to do a full SpyWare scan now.... i.e. run AdAware and SpyBot since these AIM viruses have a history of installing a lot of SpyWare, too. (http://www.tech-recipes.com/windows_tips674.html)

If that doesn't work, does a different browser work? Like FireFox? (http://www.mozilla.org/)

Try the steps in the following Microsoft solution: http://support.microsoft.com/default.aspx?scid=kb;en-us;813444

Finally, if you're on Windows XP, can you do a system restore back to before you clicked on that link? Start > (All) Programs > Accessories > System Tools > System Restore

reply

foster
4 years ago

That AIM fix isnt working for me, even in safe mode.

How do i know? The away message is still popping up and the task manager and regedit has yet to work.

So i am using copies of task manager and regedit, but i dont see any of the *.exe's that have been mentioned here. And i don't know what is harmful and what is not. Would rather not go deleting random things.

=(

reply

foster
4 years ago

w/e... its system restore time

reply

Songbird284
4 years ago

<font color="red">I USED HIJACK THIS</font>
Can I e-mail my log to anyone who could look it over and tell me what to delete? I don't want to post it on this forum.

reply

islandjen55
4 years ago

well, not only does the elon link not work, but my end task window won't even stay up for me to do anything else. someone smart please figure this thing out :cry: !

reply

davak
4 years ago

<ul id="quote"><h6>islandjen55 wrote:</h6>well, not only does the elon link not work, but my end task window won't even stay up for me to do anything else. someone smart please figure this thing out :cry: !</ul>

Disappearing or Closing Task Manager from AIM Virus/Trojan/Worm
http://www.tech-recipes.com/windows_tips648.html

reply

islandjen55
4 years ago

ok so i got rid of the away message thing, but now my hotmail page comes up as a blank page. help!

reply

Songbird284
4 years ago

I have the same hotmail problem.

reply

joshua_dawg
4 years ago

hey everyone!

I am no expert, but I manually figured it out and deleted this virus from my computer, so maybe I can help.

Here is what I did: (for XP, other OS can follow along too!)

If you can't Cntr-Alt-Del, then you get to have some REAL fun.

Go to Start>Run and type in cmd

This wil open a black window known as Command Prompt.

In this window, type TASKLIST. This is going to print a long list of all the applications that are running on your computer. Now here is the hard part. If you know your coputer pretty well, you should be able to figure this part out. You need to figure out which of the processes is the virus. Unfortunately, it has MANY different names. Mine was wmediaplayer.exe (which i knew was a fake because we all know the real executable for that it wmplayer.exe!!!!)

The BEST way to figure out which one it is is this:

In another window, go to your C Drive (or whatever your main drive where windows is installed). Then go to the Windows folder. Then go to System32. Now, to do this, you MUST know EXACTLY when you ran this program. If you do, sort the entire folder by date, and go find the program that corresponds to that exact time. BE VERY CAREFUL THOUGH!! You must make SURE that this is the EXACT time, otherwise you may delete something you need. It should look like the name of some other program, like aolmsngr.exe, or wmediaplayer.exe. Once you are positive that you have found the executable, go back to command prompt and you should see this program running. Next to it is a number labeled PID. Once you find that, type TASKKILL <insert the number you found>. This should stop the program. Then, go back to the C:/Windows/SYstem32 folder and DELETE that .exe file that you found. This should take care of that virus.

Well, sorry this is so long and confusing, but good luck and I will try to help you more if this is completely worthless! :-P

reply

Anonymous
4 years ago

What should I delete or uninstall, if anything?
Logfile of HijackThis v1.97.7
Scan saved at 11:51:46 AM, on 10/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

Edit -- See below

reply

davak
4 years ago

<ul id="quote"><h6>songbird284 wrote:</h6>What should I delete or uninstall, if anything?
Logfile of HijackThis v1.97.7
Scan saved at 11:51:46 AM, on 10/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
</ul>

I moved your hijack log into another forum to keep your problem seperate from this thread. You can follow it here:

http://www.tech-recipes.com/modules.php?name=Forums&file=viewtopic&t=519

reply

Anonymous
4 years ago

When I follow that link, I am asked for a username and password...I tried to use my tech-recipies username (songbird284) and my password, but I was not allowed to follow the link. Is there a specific username and password that I should put in when I am prompted for them?

reply

davak
4 years ago

<ul id="quote"><h6>songbird284 wrote:</h6>When I follow that link, I am asked for a username and password...I tried to use my tech-recipies username (songbird284) and my password, but I was not allowed to follow the link. Is there a specific username and password that I should put in when I am prompted for them?</ul>

Sorry. My mistake was in the url. It is corrected now.

reply

tshaud
4 years ago

when i went to remove it..my task manager wont stay up..it keeps closing..it wont let me delete it...is there any other way to do it or how should i fix my task manager

reply

davak
4 years ago

<ul id="quote"><h6>tshaud wrote:</h6>when i went to remove it..my task manager wont stay up..it keeps closing..it wont let me delete it...is there any other way to do it or how should i fix my task manager</ul>

Please read the entire thread before asking questions... this has been answered before.

http://www.tech-recipes.com/windows_tips648.html

reply

Anonymous
4 years ago

new link is http://jayloden.com/BestFriends.htm

just an fyi :)

-Jay

reply

Guest
4 years ago

ok if you have that stupid away message virus in your profile go to http://www.jayloden.com/VirusClean.htm and then click on removal tool then follow through with the directions..make sure you save your profile in someway because it is going to get rid of it.....GOOD LUCK!! HAHA

reply

Alexa
4 years ago

-first make sure you save your profile because when this procedure is done it will ge trid of your profile..

-then go to http://www.jayloden.com/VirusClean.htm and click on <span style="text-decoration:underline">remove tools</span>

-follow through the directions and the virus will be gone..

-to make sure it worked..press control, alt, delete and if the window stays that means the virus is gone..

GOOD LUCK!

reply

Petey dude
4 years ago

well im just a 11 year old kid, but all u have to do to remove it is search your computer for a file named ' bestfriends ' delete it and your set.

reply

ewalker
4 years ago

It doesn't work!!!! :x help!!!!

reply

Anonymous
4 years ago

Guys...enter in the website that it says when you click on the link in the posted solution. Then go to "Virus Symptoms" and scrool down to AIMGFix and click it. THat should work.

reply

tjh
4 years ago

i used that automatic way(jayloden) to get rid of the virus and now i can actually open up the task manager but idk if i got rid of it or not or if i have any problems with my comp can some1 tell me how i can check for other viruses besides from running norton antivirus
thanks

reply

anonomous
4 years ago

please help i downloaded the program bc my tast manager wont open but now i can not follow your instuructions bc i can not find aolmsg.exe i am not realli good with computers and i know this might be a stupid question but please help i need to get rid of this virus. I also tryed clicking on the sight that will remove it automatically but it says that the page no longer exists. if you have any sugestions please help! thanks alot

reply

Anonymous
4 years ago

PLEASE HELP ME! I have the same problem and it's got me so stressed!

reply

Guest
4 years ago

AIMFix seemed to fix my computer...and it is quick and easy! I found it on a website, and it took like a minute and I haven't had the problem since.

reply

Anonymous
4 years ago

:evil: i have tried everything i ran the AimFix downloaded the spyware remove have done everything that this post has suggested???????????????????????????????? what am i doing wrong

reply

NotTechSavy
4 years ago

I've apparently gotten this nasty strain of virus that attacks the task manager. (I also have a problem with a disappearing windows arrow/cursor that I suspect came from a virus as well).

Anyway, I've followed the instructions, but can't seem to find the specific .exe program named, so I am at a loss as to how to delete.

Process Explorer does note 5 separate svchost.exe programs running, which strikes me as odd. There is also something called VetTray.exe which sounds odd - and VetMsgNt.exe

Can you help?

reply

Anonymous
4 years ago

I have done a search in windows and found a new file. It's under BESTFRIENDS[1].SCR-01693871.pf in the C:windowsprefetch

reply

Anonymous
4 years ago

i have tryied everything and i mean everything
who ever started this gay thing is so0o stupid i mean what are you getting out of messing up computer i mean no $$ nothing just seeing thousnads of innocent ppl stressed out lik i am this is really depressing
if anyone has anything to help please let me no

reply

Anonymous
4 years ago

Everyone Just go to Help and support in your startup menu
and search for System Restore.
Run System Restore to a day that your computer was working before.
Easy As that

reply

blaah
4 years ago

thanks buddy, i system restored to an earlier day now my computer doesn't turn on, im on a different one. helllppppppppp 8O

reply

sickofbestfriendsvirus
4 years ago

I'm having major trouble with the best friends aim virus. it's driving me insane. i downloaded aimfix and it worked for about a couple hour or so, i wasn't getting the away message anymore and my task manager was even working, but now it's come back, and i can't figure out how to rerun the aimfix program. does anyone have any alternative solutions??? i would greatly appreciate your help.

reply

Alix
4 years ago

omgosh...please help me. i also have the best friends virus and nothing has worked. i tried the AIMfix and i also tried the system restore. i think that bc of the virus now my norton anti virus wont work. when i try and open norton it says "your current security settins prohibit running ActiveX controls on this page. As a result the page may not display corectly." it never used to do that til i click that dumb beach pics link. please help me, i just got this comp like 4 months ago and my mom will hate me forever if i mess up this computer. :(

reply

Anonymous
4 years ago

OK so i do this and it says "yourre security setting dont aloow you to download this file? now what do i do?

reply

sickofbestfriendsnomore
4 years ago

If any of you have McAffee Virus Scan Program, it can get rid of this virus, It took mine a couple of days to find it, but when it did, everything went back to normal and has been so for a few days now. I would strongly suggest that program to anyone who has similar virus problems to get this program, it really works! :D

reply

Guest
4 years ago

I'm ready to jump off a bridge! I've done everything I've seen here (everywhere else) for the last 4 1/2 hours. I've resolved everything, I think, except the ability to change my security settings in IE. "my computer" is set to High. When I manually go in and change it to low or medium it appears to take the reset, but then immediately reverts back to High. Incidentally, no default selection is available. I have no idea what to do next.... Please, please help!

reply

guest
4 years ago

boot in safe mode
go to regedit, find local machine, software, microsoft, windows, current version, run
look at all the virus programs booting at startup
search your computer for those obscure program names
delete every program you find
delete all virus program entires in regedit
optional: run adaware/spybot, altho the viruses you talk about may not yet be in their definitions file
finally reboot machine

reply

Anonymous
4 years ago

start your computer in safe mode...then run a search for 'SVCHOSTA' (make sure the 'search hidden folders' box is checked) delete the file 'SVCHOSTA' (its the file causing the problem) delete all (if there is more than one)...then simply restart your computer and it should be fixed...this happened to me too, its a pain in the ass and took me FOREVER to find someone who knew how to fix it

<ul id="quote"><h6>Anonymous wrote:</h6>I have this virus and i tried to follow what you say to do. The only problem is when i click for task manager, it only comes up for a second and then it disappears. It just won't stay up no matter how i pull it up! And the website you gave doesn't work. I've done a search and "run" for all the files that you say to look for and it can't find it... but i know you're talking about the same virus because it is exactly what i have! So please, Help me more! Email me at Asher689@hotmail.com PLEASE! This virus is really stressing me out and i've had it for about a month now. I've done tons of virus scans and i just can't get rid of it!</ul>

reply

Anonymous
4 years ago

Hi, Is there any way to make sure the virus is gone?

reply

Anonymous
4 years ago

^^ Sorry about that last post being so incomplete.

I used AIMFix once before but the virus wasn't gone. I tried it again and AIM seems to be fine...for now. Is there any way I can be sure that the virus is gone?

reply

a guest
4 years ago

:) Thank you to the person who recommended the AIMFIX! It worked! THANK YOU!!!!

reply

Anonymous
3 years ago

http://www.jayloden.com/VirusClean.htm worked hella goooooooood. haha thanx whoever made that

reply

Anonymous
3 years ago

When I try to run AimFIX it says "A required .DLL file, PSAPI.DLL, was not found."...I'm lost...

reply

Anonymous
3 years ago

yah i think i have a virus to on here...it keeps on popping up and away message that says...like pics from the beach last night and it give you a link. so how can i fix it please email me Junior__Ortiz_92@hotmail.com
thanx,
Junior

reply

Anonymous
3 years ago

hey i fixed it thanx!!!

reply

shikatano
3 years ago

the file name doesn' thave to be "aolmsngr.exe" mine was named winhost.exe, so maybe that could be what yours is named....um definately close it by using the process explorer program that was given in the recipe

reply

55
7 months ago

88

reply

Add New Comment

Returning? Login