Tech Support Team

Pewter7 · #21 (**permalink**) **Top** 25th March 2008, 01:28 AM

Ok, thanks Howard,

I'll try it again now.

Howard · #22 (**permalink**) **Top** 25th March 2008, 01:37 AM

No worries mate and good luck.

Regards Howard

Pewter7 · #23 (**permalink**) **Top** 25th March 2008, 02:03 AM

Hi Howard,

I did what you said but I still did not get a text file to pop up after it ran the script.

Is there any way I can copy and paste the correct data directly without using that program?

Howard · #24 (**permalink**) **Top** 25th March 2008, 02:24 AM

I`ve just noticed a slight mistake in the quote box in my instructions in my post #18

I have now fixed it and would like you to try following the instructions in that post again.

Let me know how it goes.

Regards Howard

Pewter7 · #25 (**permalink**) **Top** 26th March 2008, 03:14 AM

Hi Howard,

It worked this time!

Howard · #26 (**permalink**) **Top** 26th March 2008, 03:28 AM

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

Quote:

C:\Program Files\QuickTime\bak
C:\WINDOWS\SMINST\bak
C:\WINDOWS\system32\bak
C:\Program Files\Common Files\LightScribe\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak

Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log

Regards Howard

Pewter7 · #27 (**permalink**) **Top** 26th March 2008, 03:40 AM

Thanks Howard,

Step 3 completed ok too.

Howard · #28 (**permalink**) **Top** 26th March 2008, 03:47 AM

Ok, we need to remove some files manually, after which you may need to reinstall the affected programmes.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

NeroCheck.exe
HPBootOp.csv
HPBootOp.exe

Close task manager.

Locate and delete the following bold files and/or folders(if there).

C:\WINDOWS\system32\bak
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.csv
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak

Reboot into normal mode and rehide your protected OS files.

Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Also run a fresh HJT scan and attach the log file.

Regards Howard

Pewter7 · #29 (**permalink**) **Top** 26th March 2008, 04:12 AM

Hey Howard,

Ok, I was able to do everything.

Oops, I just realized I didn't delete nerocheck.exe

I'll just do that real quick.

Howard · #30 (**permalink**) **Top** 26th March 2008, 04:21 AM

All clean now mate.

Please do the following.

Click start/run and type combofix /u into the run box and hit the enter key. Note the space between combofix and forward slash. This will uninstall Combofix and all it`s folders etc.

Delete the FindAWF tool.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Go HERE, download and install the latest version of Java.

Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 5. Close Control panel.

You may want to have a read of this thread HERE.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

Pewter7 · #31 (**permalink**) **Top** 26th March 2008, 04:32 AM

Wow!

Thanks Howard.

I'll have to follow instructions in step 30 tomorrow.

I do so appreciate all your invaluable help!

Pewter7 · #32 (**permalink**) **Top** 27th March 2008, 02:20 AM

I am so relieved and very pleased to have my system back from that nasty trojan and all the trouble it caused. I am so very grateful to you, Howard, for your time and generous spirit in helping me fix my computer. Thank you so very much!

Howard · #33 (**permalink**) **Top** 27th March 2008, 02:36 AM

That`s good news mate and I`m glad I could help.

I`m now going to mark this thread as solved.

Regards Howard

Pewter7 · #34 (**permalink**) **Top** 27th March 2008, 02:40 AM

I believe that the trojan was downloaded by my child from playing on agame.com

I have put this site in my blocked list but it does not seem to work. I can still go to it without a problem.

Can you tell me how I might block a site like this permanently?

Thanks!

Howard · #35 (**permalink**) **Top** 27th March 2008, 02:47 AM

Take a look at THIS and see if it helps.

Regards Howard

Pewter7 · #36 (**permalink**) **Top** 27th March 2008, 01:56 PM

Ah, that is excellent information Howard! Thanks once more