
HELP! with my computer virus

Discussion in 'Virus and Malware Removal' started by davidstl, Feb 1, 2007.

  1. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Delete all files in the AVG virus vault.

    I can find absolutely no info on the ucleaner_RT73o2aEZ2[1].exe file and I'm beginning to run out of ideas on how to get rid of it.

    Let's see if this utility can get rid of the file for you. Run the utility from safe mode. This is the filepath to the file you need to delete.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    C:\Documents and Settings\The Currie's\Local Settings\Temporary Internet Files\Content.IE5\SFQ9A7QZ\ucleaner_RT73o2aEZ2[1].exe

    Once done, reboot your system and post a fresh HJT log from normal mode.

    Regards Howard :)

    This thread is for the use of davidstl only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  2. davidstl Newcomer, in training Posts: 94

    Dear Howard,
    Which way do I delete: Via Short Name or Via UNC? I see both UCleaner files and EasySpyRemover files with this DILINV utility.
    PS are these programs actually doing things on my computer or are they just dead files?
    Davidstl
  3. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Just stick to trying to delete the ucleaner_RT73o2aEZ2[1].exe file for now. This file is definitely active.

    Try using the Short Name; if that causes problems, try the UNC. Instructions are in the link I gave you.

    Regards Howard :)

  4. davidstl Newcomer, in training Posts: 94

    Dear Howard,
    I did not find any file with RT73o2aEZ2[1].exe but I did see SFQ9A7QZ
    This was found at C:\documentsandsettings\temporaryfiles\Content.IE5\SFQ9A7QZ.
    I will try to delete it and search again for RT73o2aEZ2[1].exe
    Davidstl
    PS I'm surfing without freezing and I'm not getting pop-ups...what do you think this program is doing?
  5. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    I have no idea what that file does, as I can't find any info for it. Edit: However, it appears that the RT73o2aEZ2[1].exe is part of the Ultimate Cleaner programme. This is a rogue Antispyware programme.

    It probably isn't there, but look in add/remove programmes in your control panel for anything to do with Ultimate Cleaner and uninstall it if you find it there.

    Regards Howard :)

  6. davidstl Newcomer, in training Posts: 94

    HELP! with my computer virus

    Dear Howard,
    Well, here is another HJT Log for you. I turn up nothing in the Add/Remove Programs concerning UCleaner. And when I search my c: drive it finds nothing related to RT73o2aEZ2[1].exe.
    If this is an ACTIVE program how come it does show in a file search or appear in Task Manager or anywhere. Just how am I to locate and remove or terminate it on my system?
    It is 10:30 PM here. I'm going to bed. Thank you for all the help.
    Davidstl
     
  7. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKCU\..\Run: [Ultimate Cleaner.install] "C:\Documents and Settings\The Currie's\Local Settings\Temporary Internet Files\Content.IE5\SFQ9A7QZ\ucleaner_RT73o2aEZ2[1].exe" continue

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Click on the fix checked button.

    Close HJT and reboot your system.

    Run HJT and see if the O4 - HKCU\..\Run: [Ultimate Cleaner.install] "C:\Documents and Settings\The Currie's\Local Settings\Temporary Internet Files\Content.IE5\SFQ9A7QZ\ucleaner_RT73o2aEZ2[1].exe" continue entry is still there. If it is, we'll try a registry edit next.

    Regards Howard :)

  8. davidstl Newcomer, in training Posts: 94

  9. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    It's definitely worth a try to download the Prevx1 programme and see if it gets rid of it. I'll keep my fingers crossed.

    Regards Howard :)

  10. davidstl Newcomer, in training Posts: 94

    HELP! with my computer virus

    Dear Howard,
    I have just downloaded PREVX1. I will run it and get back to you with the results when it finishes; Probably in an hour or two.
    Davidstl
  11. davidstl Newcomer, in training Posts: 94

    Dear Howard,
    Well PREVX1 did nothing to remove the UCleaner, even though it claimed it would. Oh well. Also, I tried your other suggestion; using HJT to FIX the 04, and 06 lines. It also did not work... 06 restrictions present, and 06 control panel present were FIXed, yet the UCleaner remains. Let me know if you have another idea to remove it. I am posting a fresh HJT for your viewing pleasure.
    Thank you for the help,
    Davidstl
  12. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    If you haven't done so already, uninstall PREVX1.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Ultimate Cleaner

    Close control panel

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    RT73o2aEZ2[1].exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKCU\..\Run: [Ultimate Cleaner.install] "C:\Documents and Settings\The Currie's\Local Settings\Temporary Internet Files\Content.IE5\SFQ9A7QZ\ucleaner_RT73o2aEZ2[1].exe" continue

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Documents and Settings\The Currie's\Local Settings\Temporary Internet Files\Content.IE5\SFQ9A7QZ  <- Delete the entire folder if you can.

    Search your system for Ultimate Cleaner and delete all references found if you can.

    Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.

    Click edit and choose find. Type Ultimate Cleaner into the dialogue box and click the find next button. Regedit will now search your registry for any entries that contain a reference to Ultimate Cleaner and display them in the right-hand pane. Right click on any such Ultimate Cleaner entries and choose delete.

    Now click edit again and choose find next. Again, delete any entries that reference Ultimate Cleaner.

    Repeat the above, until no more Ultimate Cleaner entries are found.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know the results.

    Regards Howard :)

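The entry Howard has davidstl fix in posts 7 and 12 is a Run-key autostart value whose target sits in the Internet Explorer cache folder. As an added example (not part of the original thread and not HijackThis code), this Python parser reads registry O4 lines in the format quoted above and flags entries that launch from cache or temp folders; the folder list and the AVG sample line are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Folders a legitimate autostart rarely runs from (assumed list, not from HijackThis).
SUSPICIOUS_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\windows\\temp\\")

# Registry O4 line: O4 - <hive>\..\<key>: [value name] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

class Autostart(NamedTuple):
    hive: str
    key: str
    name: str
    path: str
    args: str
    suspicious: bool

def split_command(cmd: str) -> tuple:
    """Split a Run-key command line into (executable path, arguments)."""
    quoted = re.match(r'"([^"]+)"\s*(.*)$', cmd.strip())
    if quoted:
        return quoted.group(1), quoted.group(2)
    # Unquoted: cut after the first executable-looking extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$", cmd.strip(), re.I)
    return (m.group(1), m.group(2) or "") if m else (cmd.strip(), "")

def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one registry O4 line; any other log line returns None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path, args = split_command(m["cmd"])
    hit = any(d in path.lower() for d in SUSPICIOUS_DIRS)
    return Autostart(m["hive"], m["key"], m["name"], path, args, hit)

def flag_autostarts(log_text: str) -> list:
    """Return the autostart entries that launch from a cache or temp folder."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e and e.suspicious]

# First and third lines are quoted in the thread; the AVG line is constructed.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Ultimate Cleaner.install] "C:\Documents and Settings\The Currie's\Local Settings\Temporary Internet Files\Content.IE5\SFQ9A7QZ\ucleaner_RT73o2aEZ2[1].exe" continue
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

for e in flag_autostarts(SAMPLE_LOG):
    print(f"{e.hive}\\{e.key} [{e.name}] -> {e.path}")
```

Only the Ultimate Cleaner value is reported: the registry value, not a visible installed program, is what relaunches the cached file at each logon.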
  13. davidstl Newcomer, in training Posts: 94

    Dear Howard,
    Okay, I followed your instructions in the last post and the regedit seems to have deleted the u_cleaner. Finally. And I'm posting my new HJT log for you. I want to say thank you. This has really been a learning experience.
    And I will Uninstall PREVX1. It sucks anyway. What will happen to Quarantined items when I Uninstall? They won't get placed BACK on my computer, will they?
    Thanks again,
    Davidstl
  14. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Your HJT log is now clean.

    I'm sorry it took so long to get rid of that bugger, but I've never come across it before.

    You shouldn't have any problems in uninstalling PREVX1. If the backups are left behind, just delete them.

    Regards Howard :)

  15. davidstl Newcomer, in training Posts: 94

    Dear Howard,
    Thanks for your help. You really know your stuff. And thanks for making my directions easy to follow. I'll let you know if I have any more problems. I think the U_Cleaner was hiding in something called Add New Hardware Wizard\Parallel Device. There was a yellow or red question mark icon or something next to it too. Anyway, thanks again for your help.
    davidstl
  16. davidstl Newcomer, in training Posts: 94

    I Need Howard's Help

    Dear Howard,
    I uninstalled AVG AntiVirus in order to try out Avast AntiVirus for awhile.
    I did not like the way Avast worked, so I quickly uninstalled IT... And now I have redownloaded AVG but the software will not extract or open up onto my desktop, even though the Wizard says that AVG has been successfully installed. Do you have any idea why AVG is giving me a hard time?
    Davidstl
  17. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Try downloading and installing AVG free from this link HERE. See if that helps.

    Regards Howard :)
  18. davidstl Newcomer, in training Posts: 94

    I Need Howard's Help

    Dear Howard,
    I just tried the new AVG link you provided, but with no luck. My computer says: "AVG has been successfully installed", but I can't locate it on my Desktop or in my Start Button menu. I am at a loss here. If it is on my computer I would like to run it.
    Also, I ran an AVG AntiSpyware scan today and along with 37 tracking cookies it found 3 high risk threats which it Quarantined. Why Quarantine instead of Delete? The threats found are:
    c:\windows\system32\durvilz.exe
    c:\systemvolumeinformation\_restore{DOBCD2DC-86DF-4E42-9CAA-96BECF3A6981}\RP844\AO235941.exe
    c:\documentsandsettings\localservice\localsettings\temp\~ds39990.tmp

    The AVG AntiSpyware called these threats a: Trojan.Durvil
    I wanted to know if they can be safely deleted or should they remain in Quarantine?

    Thanks for responding so quickly,
    Davidstl
  19. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    I have merged your thread into this one.

    Something's obviously not right, so we need to run the full monty on your system again, I'm afraid.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :)

  20. davidstl Newcomer, in training Posts: 94

    Dear Howard,
    I am home from work again today due to snow and ice; so I have time to work on this. I am going to begin running the scanners and tools you provided. I will get back to you with the results and post a series of logs.
    Thanks for your help,
    Davidstl
    PS I WAS getting an error message at start-up saying:
    Installer initialization failed due to following error:
    Error initialization of the language file "c:\programfiles\grisoft\AVG7" failed
    General failure
    However, I am no longer getting that message.