TechSpot

Pls. help can't clean Virus New Poly Win32

By ben321load
Dec 6, 2005
  1. Pls. help, my PC shows "A Virus has been detected: addwt32.exe is infected by New Poly Win32" and McAfee can't clean this virus.
     
  2. Vigilante (TechSpot Paladin, Posts: 2,120)

    You should go into Safe Mode first. Run a full scan with McAfee from there; it should be able to delete it.

    From HJT, "check" these entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: Class - {FBD6353C-D46D-064E-0DB4-A986D34AD0CE} - C:\WINDOWS\ntgj32.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/286f6a80a88010b35506/netzip/RdxIE601.cab
    O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) - http://www.flashants.com/codebase/fmplayer.cab

    There is likely more but these stick out. It's mainly the ones on top that are the baddies.
    Scan with your updated McAfee, Ewido, MS Beta, Adaware, and clean these in HJT. Do all from Safe Mode. Then post a new HJT log.

    Read and follow these two threads: (note that if you go in Safe Mode with Networking, you can get online, post here, download tools etc...)

    http://www.techspot.com/vb/topic27710.html

    http://www.techspot.com/vb/topic17297.html

    If you carefully follow all these instructions, you should be able to get rid of it. It may take time, and many tools, but you'll get through it.

    Good luck.
     
Topic Status:
Not open for further replies.
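
A defensive triage sketch for the kind of HijackThis log discussed in this thread, added here as an example and not part of either poster's message: it parses R0/R1 and O2 lines and flags the patterns visible in the quoted entries. The heuristics (IE setting pointing at a res:// URL inside a DLL, BHO with no file, BHO DLL directly under the Windows directory) and the function name `triage` are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the HijackThis log quoted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bjnef.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {FBD6353C-D46D-064E-0DB4-A986D34AD0CE} - C:\WINDOWS\ntgj32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# "R0/R1 - <registry key>,<value name> = <data>"
REG_VALUE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")
# "O2 - BHO: <name> - {CLSID} - <file>"
BHO = re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
# Assumed heuristic: an IE start/search setting loaded from a resource inside a DLL.
RES_DLL = re.compile(r"^res://(?P<dll>.+?\.dll)/", re.IGNORECASE)
# Assumed heuristic: a BHO DLL placed directly in the Windows directory.
LOOSE_WINDOWS_DLL = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


def triage(log_text):
    """Return (line, reason) pairs for entries that match the heuristics above."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reg = REG_VALUE.match(line)
        if reg:
            res = RES_DLL.match(reg.group("data"))
            if res:
                findings.append((line, "IE setting served from DLL resource " + res.group("dll")))
            continue
        bho = BHO.match(line)
        if bho:
            if bho.group("file") == "(no file)":
                findings.append((line, "BHO registered but its file is missing"))
            elif LOOSE_WINDOWS_DLL.match(bho.group("file")):
                findings.append((line, "BHO DLL sits directly in the Windows directory"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(reason + "\n    " + entry)
```

Entries it does not flag, such as the R3 and O4 lines, still need a manual look; the script only narrows down where to start.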