View previous topic :: View next topic |
Author |
Message |
killercrush Just Arrived
Joined: 20 Jul 2004 Posts: 0 Location: earth
|
Posted: Tue Jul 27, 2004 2:59 am Post subject: rocky2[1].exe |
|
|
Is this a virus? When I did a scan on RAV it said that it was a virus/infected file. It's located in
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6OEYI42A\
and it wont allow me to delete it.
Or should I not be worried about it at all?
|
|
Back to top |
|
|
fuzed Just Arrived
Joined: 13 May 2004 Posts: 0
|
Posted: Tue Jul 27, 2004 3:48 pm Post subject: |
|
|
havent used that flavour of AV, but some av apps tell you what the virii are... I would get to command prompt and delete the file from there, make sure its not running in task manager either.
run AV on all of your HD's as well...
do a search on google for the file found and add virus on as well.
|
|
Back to top |
|
|
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
|
Posted: Tue Jul 27, 2004 6:01 pm Post subject: |
|
|
Boot into safe mode, open IE...go to tools, preferences, and flush your temp files.
See if that does it.
|
|
Back to top |
|
|
killercrush Just Arrived
Joined: 20 Jul 2004 Posts: 0 Location: earth
|
Posted: Tue Jul 27, 2004 7:36 pm Post subject: |
|
|
groovicus wrote: |
Boot into safe mode, open IE...go to tools, preferences, and flush your temp files.
See if that does it. |
ive already done that and it didn't work.
|
|
Back to top |
|
|
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
|
Posted: Tue Jul 27, 2004 7:47 pm Post subject: |
|
|
Your AV should give you the option to rename, delete, etc. Rename it or delete it from there.
It is in your browser cache, so that is where it needs to be deleted from.
Can I get the fill path name?
EDIT:
Just had another thought.
Open notepad and paste in the following lines:
del c:\ *.tmp
del %temp%\*.tmp /f
del %windir%\prefetch\*.*
del %windir%\temp\*.* /f
Save to desktop as 'clean.bat' , file type - 'all files'
DoubleClick on the icon, and say yes when prompted.
|
|
Back to top |
|
|
killercrush Just Arrived
Joined: 20 Jul 2004 Posts: 0 Location: earth
|
Posted: Tue Jul 27, 2004 8:00 pm Post subject: |
|
|
I got rid of the rocky2[1].exe. it had duplicated itself into some other folders but each allowed me to delete it. so that problem is now out of the way.
however
i did end up finding some more problems listed when i ran RAV once more. here is what it came up with. Please let me know if any of these files will be harmful to the computer of if it's something that I shouldn't worry about.
Scan started at 7/27/2004 12:40:39 PM
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\RECYCLER\S-1-5-21-1051151432-1597056692-1010472921-1003\Dc1.exe - PWS:Win32/Briss -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164713.EXE - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164749.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164750.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164751.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164752.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164753.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164754.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164755.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164756.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164757.dll - Trojan:Win32/StartPage.IX -> Infected
Scanned
============================
Objects: 51404
Directories: 3055
Archives: 6077
Size(Kb): 855621
Infected files: 11
Found
============================
Viruses found: 3
Suspicious files: 0
Disinfected files: 0
Mail files: 68
Thanks
|
|
Back to top |
|
|
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
|
Posted: Tue Jul 27, 2004 8:07 pm Post subject: |
|
|
Empty your recycle bin, then disable, then re-enable your system restore.
That should solve it.
|
|
Back to top |
|
|
heh Just Arrived
Joined: 27 Jul 2004 Posts: 0
|
Posted: Tue Jul 27, 2004 10:23 pm Post subject: |
|
|
start page is annoying
|
|
Back to top |
|
|
killercrush Just Arrived
Joined: 20 Jul 2004 Posts: 0 Location: earth
|
Posted: Wed Jul 28, 2004 5:39 am Post subject: |
|
|
groovicus wrote: |
Empty your recycle bin, then disable, then re-enable your system restore.
That should solve it. |
See... my recycle bin is empty. That's a file that's inside of a protected items deleted folder and it wont let me completely delete it, only restore it.
|
|
Back to top |
|
|
|