also @ TechSpot: Bitcoin's big mystery: who created the virtual currency system?

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

After using Malwarebytes anti-malware I still have XP Security 2011

Discussion in 'Virus and Malware Removal' started by hbuteme, Nov 21, 2010.

Page 2 of 3

hbuteme Newcomer, in training Posts: 37

ESET log

Hi Broni,

I guess IE is internet explorer? Let me update it now then. Here's the ESET log.

C:\PDF Suite\PDF Suite.exe Win32/Virut.NBP virus
C:\PDF Suite\Gs\gswin32c.exe Win32/Virut.NBP virus
C:\PDF Suite\Help\PDF Suite Presentation.exe Win32/Virut.NBP virus
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP75\A0027800.exe Win32/Cycbot.AA trojan

hbuteme, Nov 25, 2010

#21
hbuteme Newcomer, in training Posts: 37

Oops! I hope you don't mind me asking but how do I update IE to version 7?

hbuteme, Nov 25, 2010

#22
Broni Malware Annihilator Posts: 39,288 +175

Yes, IE is Internet Explorer.
Download: http://www.microsoft.com/downloads/...BE-3385-447C-8A30-081805B2F90B&displaylang=en

I really don't like this:

C:\PDF Suite\PDF Suite.exe Win32/Virut.NBP virus
C:\PDF Suite\Gs\gswin32c.exe Win32/Virut.NBP virus
C:\PDF Suite\Help\PDF Suite Presentation.exe Win32/Virut.NBP virus

Where did PDF Suite come from?
Is it already installed on your computer?

It's very crucial, you answer the above questions before doing anything else.

Broni, Nov 25, 2010

#23
hbuteme Newcomer, in training Posts: 37

Yes, PDF Suite is installed on my computer. I installed early this year (I think) but I rarely use it. It can take months before I use it. However, someone sent me a PDF document tonight just before I ran the scan and when I opened it it used PDF suite.

hbuteme, Nov 25, 2010

#24
hbuteme Newcomer, in training Posts: 37

The document was sent in an email attachment. It didn't give me options: I clicked on the document to open it and it opened using PDF Suite and asked to make it the default rather than Adobe. I didn't check that option because I prefer Adobe. I just closed that window and the document opened but in PDF Suite.

hbuteme, Nov 25, 2010

#25

Broni Malware Annihilator Posts: 39,288 +175

You didn't say where did you get PDF Suite from.

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- C:\PDF Suite\PDF Suite.exe
- C:\PDF Suite\Gs\gswin32c.exe
- C:\PDF Suite\Help\PDF Suite Presentation.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

Broni, Nov 25, 2010

#26

hbuteme Newcomer, in training Posts: 37

Sorry. I'm totally clueless on where the PDF Suite originated from. Someone installed the PDF Suite by transferring it from a flash to my laptop. I have no clue where he got it from.

I'm uploading the files to virus total.

hbuteme, Nov 25, 2010

#27
Broni Malware Annihilator Posts: 39,288 +175

PDF Suite is not free, so if you got it through some illegal download and ESET found its files Virut infected....Virut infection is a very serious matter.
If it confirms, you'll be facing formatting and reinstalling Windows.

Broni, Nov 25, 2010

#28
hbuteme Newcomer, in training Posts: 37

Then I'm screwed. I'm seeing lots of virut on these scans. The last one is scanning and I'm about to post. If I format and re-install Windows will I lose all my info?

hbuteme, Nov 25, 2010

#29
hbuteme Newcomer, in training Posts: 37

Virus total scan results

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: PDF Suite.exe
Submission date: 2010-11-25 22:44:22 (UTC)
Current status: queued (#8) queued analysing finished

Result: 12/ 41 (29.3%)

Antivirus results
AhnLab-V3 - 2010.11.25.01 - 2010.11.25 - Win32/Virut.E
AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
Comodo - 6847 - 2010.11.25 - -
DrWeb - 5.0.2.03300 - 2010.11.25 - -
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - Win32:Vitro
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - -
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.25 - -
Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: 7d2abf1c2713fc4a85c089b866f08a75
SHA1: 66748663e949f235dd32df4f81314960e08a2ae1
SHA256: c76b0bb80440aefaf5b16e850ba598f1e47f183311718181c573e9bc30e29b17
File size: 4714496 bytes
Scan date: 2010-11-25 22:44:22 (UTC)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: gswin32c.exe
Submission date: 2010-11-25 22:51:15 (UTC)
Current status: queued (#7) queued (#7) analysing finished

Result: 14/ 43 (32.6%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
Comodo - 6847 - 2010.11.25 - -
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - Virus.Win32.Virut!IK
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - Win32:Vitro
Ikarus - T3.1.1.90.0 - 2010.11.25 - Virus.Win32.Virut
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - W32/Sality.AO
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.25 - -
Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: c359527c02490cf7a5d844b699617fc7
SHA1: af1eccd6fcc081b09caf1fc4b2f94dfedf5d9a31
SHA256: 62e98134066e2d89b3833127f17d704e464e497c4fa38152feb3dcce4b3617ac
File size: 188416 bytes
Scan date: 2010-11-25 22:51:15 (UTC)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: PDF Suite Presentation.exe
Submission date: 2010-11-25 22:54:43 (UTC)
Current status: queued queued analysing finished

Result: 14/ 43 (32.6%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
Comodo - 6847 - 2010.11.25 - Virus.Win32.Virut.CE
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - -
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - W32/Virut.CE
GData - 21 - 2010.11.25 - Win32:Vitro
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - W32/Sality.AO
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.25 - -
Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: 169d690681a08b4f335c4e8830b95661
SHA1: 139fc48adf32ce36f7e786420c189fe5234f8dbf
SHA256: 381ab11d84658b684f17e3f89fb69111ceac3e69c943559685572a4279a6a735
File size: 491520 bytes
Scan date: 2010-11-25 22:54:43 (UTC)

hbuteme, Nov 25, 2010

#30
hbuteme Newcomer, in training Posts: 37

Is it ok now for me to update IE or should I still hang on?

hbuteme, Nov 25, 2010

#31
Broni Malware Annihilator Posts: 39,288 +175

Uninstall PDF Suite right away.

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

Broni, Nov 25, 2010

#32
hbuteme Newcomer, in training Posts: 37

Shoot! I've got an NSIS error when I tried to uninstall PDF Suite. It says the installer that you are trying to use is incomplete or corrupt. This could be due to a damaged dish, a failed download or a virus. You may want to contact the author of this installer to obtain a new copy. it may be possible to skip this check using the ?NCRC command line switch (NOT RECOMMENDED).

That doesn't sound good. I hope it's not as bad as it sounds.

Let me upload these other files to virus total

hbuteme, Nov 25, 2010

#33
Broni Malware Annihilator Posts: 39,288 +175

Let me know...

Broni, Nov 25, 2010

#34
hbuteme Newcomer, in training Posts: 37

New virus total scans

New scans below. By the way for the previous message about the NSIS error that should have been /NCRC not ?NCRC.

9 VT Community user(s) with a total of 716 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: explorer.exe
Submission date: 2010-11-25 23:17:42 (UTC)
Current status: queued queued analysing finished

Result: 0/ 37 (0.0%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - -
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - -
Avast5 - 5.0.594.0 - 2010.11.25 - -
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - -
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - -
Comodo - 6847 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - -
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - -
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - -
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.26 - -
Rising - 22.75.03.00 - 2010.11.25 - -
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: 12896823fb95bfb3dc9b46bcaedc9923
SHA1: 9d2bf84874abc5b6e9a2744b7865c193c08d362f
SHA256: 1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455
File size: 1033728 bytes
Scan date: 2010-11-25 23:17:42 (UTC)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: userinit.exe
Submission date: 2010-11-25 23:23:53 (UTC)
Current status: queued (#2) queued (#2) analysing finished

Result: 0/ 43 (0.0%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - -
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - -
Avast5 - 5.0.594.0 - 2010.11.25 - -
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - -
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - -
Comodo - 6847 - 2010.11.25 - -
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - -
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - -
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - -
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - -
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - -
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.26 - -
Rising - 22.75.03.00 - 2010.11.25 - -
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: a93aee1928a9d7ce3e16d24ec7380f89
SHA1: 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
File size: 26112 bytes
Scan date: 2010-11-25 23:23:53 (UTC)

6 VT Community user(s) with a total of 741 reputation credit(s) say(s) this sample is goodware. 1 VT Community user(s) with a total of 1 reputation credit(s) say(s) this sample is malware.
File name: svchost.exe
Submission date: 2010-11-25 23:27:39 (UTC)
Current status: queued (#4) queued (#4) analysing finished

Result: 0/ 43 (0.0%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - -
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - -
Avast5 - 5.0.594.0 - 2010.11.25 - -
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - -
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - -
Comodo - 6847 - 2010.11.25 - -
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - -
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - -
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - -
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - -
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - -
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.26 - -
Rising - 22.75.03.00 - 2010.11.25 - -
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1: 49083ae3725a0488e0a8fbbe1335c745f70c4667
SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
File size: 14336 bytes
Scan date: 2010-11-25 23:27:39 (UTC)

hbuteme, Nov 25, 2010

#35
Broni Malware Annihilator Posts: 39,288 +175

Hopefully, it didn't spread yet.

Use Revo Uninstaller: http://www.revouninstaller.com/revo_uninstaller_free_download.html to uninstall PDF Suite.

Broni, Nov 25, 2010

#36
hbuteme Newcomer, in training Posts: 37

Fingers crossed ... I'll let you know.

hbuteme, Nov 25, 2010

#37
hbuteme Newcomer, in training Posts: 37

There's no PDF Suite in either New programs or Other programs

hbuteme, Nov 25, 2010

#38
hbuteme Newcomer, in training Posts: 37

Do I still need Combofix, OTL, MBRCheck, TFC, Security Check, JavaRa on my desktop or is it safe for me to delete them?

hbuteme, Nov 25, 2010

#39
Broni Malware Annihilator Posts: 39,288 +175
I'll let you know in a moment...

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL :Services :Reg :Files C:\PDF Suite :Commands [purity] [emptytemp] [emptyflash] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
Broni, Nov 25, 2010

#40

Page 2 of 3

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.