TechSpot

Exploit.ADODB.AN

By emlynt2000
Nov 3, 2006
  1. Ive keep getting this message come up when i run bitDefender scan.It shows i have an application MICR.F I will attach the logs from bitdefender and also hijack this .So if anyone can help id be very grateful.As the title states this seems to be cause Exploit.ADODB.AN
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system has some nasty infections.

    Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Make sure you rename HijackThis.exe to HijackThis1991.exe


    Regards Howard :)


    This thread is for the use of emlynt2000 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. emlynt2000

    emlynt2000 TS Rookie Topic Starter

    Sorry to bother you again howard but in your instruction * Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT).* I am the only user on my computer thus the administrator and you tell us to boot under your normal user name what should i do still boot under the administrator or not.Cheers Emlyn

    Ops i forgot when i try to download and run TOOL 2 VIRTUMUNDOBEGONE i get this message *NSIS ERROR* **The installer you are trying to use is corrupted or incomplete .This could be the result of a damaged disk, a failed download or a virus **Ive tried two different sites to download and still the same message
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    First, when you boot into safe mode, you`re given the option of booting under your normal user account name or the administrator. You should boot under your normal account name, otherwise some of the tools may not work.

    Try downloading the Virtumundobegone tool again, if you still have problems, skip it and move on to the rest of the instructions.


    Regards Howard :)

    This thread is for the use of emlynt2000 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. emlynt2000

    emlynt2000 TS Rookie Topic Starter

    Virus FREE

    As instructed i followed the guide on virus removal and it seems I'm virus free......Many thanks for the learning experience.Just to be on the safe side i wounder if you could have a look at the log to see if a problem is waiting to happen.Once again thanks howard+-
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Poker.com

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    Poker.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)

    Fix all 018-Protocol entries, except for the 2 MSNMES~1 entries.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Poker.com Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log as well as an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of emlynt2000 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. emlynt2000

    emlynt2000 TS Rookie Topic Starter

    Poker and 018 protocol removal

    As instructed i have removed poker.com and the 018 protocol entries except them 2 msn.Didnt find any reference to poker.com in add remove but removed it from Program files.Does this mean I'm unable to use this app again(dont want to click on shortcut for poker.com in case i have to go though this all again.
    As instructed logs attached.
    Once again many thanks Howard
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    You shouldn`t use Poker.com as it puts adware on your computer. Just delete the Poker.com shortcut.

    If you have any further virus/spyware problems, please post in this therad.

    Regards Howard :)

    This thread is for the use of emlynt2000 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. emlynt2000

    emlynt2000 TS Rookie Topic Starter

    Thanks Howard hopefully i have learnt my lesson but its a great comfort to know you and your team are here THIS IS A TOP SITE
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...