TechSpot

Vundo and winworm32

By Mechakingkong
Nov 10, 2008
  1. Does anybody know what this is? Couldn't find info online.
    {E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}

    Recovered from Vundo, ads and winworm32 some time ago, still eliminating stuff. Please help.

    path: Mipc\hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. Mechakingkong

    Mechakingkong TS Rookie Topic Starter Posts: 43

    here are the 3 logs
     

  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Had a very quick check, didn't see any Virus\Malware running
    How does it seem to be running?
     
  5. Mechakingkong

    Mechakingkong TS Rookie Topic Starter Posts: 43

    I thought it was either the unremovable OpenTalk or ArcSoft video downloader things. I can't remove them with Add/Remove Programs, HijackThis, nor from regedit; they keep coming back. Is there a hidden file for these?
     
  6. rf6647

    rf6647 TS Maniac Posts: 829

    I suggest updating MBAM & re-running.

    Your last post did not give me a clear picture. Are you describing observations or vague feelings? [see edit below]

    User must verify this.
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F4001F9-1A4C-413A-8C56-FC5A8D906569}: NameServer = 200.63.155.47 200.63.155.175
    200.63.155.47 & 200.63.155.175 = blacklist reports from robtex

    Unknowns - look for icon in the notify portion of the task bar
    O20 - Winlogon Notify: geBtTLby - C:\WINDOWS\ -- no info
    O24 - Desktop Component 0: Privacy Protection - (no file)

    To go deeper on this problem will require a different strategy / different tools
    1. Run MBAM in safe mode
    2. Use ComboFix (link to instructions from Blind Dragon)

    [edit] Your last post seems to describe an incomplete uninstall.
    RunScanner for ArcSoft
    This describes a connection service. This may explain O17 findings.

    Google - uninstall ArcSoft

    No info available in databases
    O4 - HKCU\..\Run: [OpenTalk] C:\Archivos de programa\OpenTalk\OpenTalk.exe

    However, this is another possible program related to O17 findings.
    ZDnet OpenTalk product description
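
Added example, not part of rf6647's post or the thread: a Python sketch that extracts O17 NameServer entries from a HijackThis log and lists resolvers that are neither on the local LAN nor in a list the user has confirmed, which is the verification the O17 line above asks for. The function names, the second O17 line, the Domain line and the 192.0.2.53 resolver are constructed for illustration.

```python
import ipaddress
import re

# O17 lines look like: O17 - <registry key>: NameServer = <ip>[ ,]<ip>...
O17_RE = re.compile(
    r"^O17 - (?P<key>.+?):\s*(?:Dhcp)?NameServer\s*=\s*(?P<value>.+)$", re.I)
# RFC 1918 ranges: a home router handing out itself as resolver is normal.
LAN = [ipaddress.ip_network(n)
       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First two lines are from the thread; the last two are constructed.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [OpenTalk] C:\Archivos de programa\OpenTalk\OpenTalk.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F4001F9-1A4C-413A-8C56-FC5A8D906569}: NameServer = 200.63.155.47 200.63.155.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1,192.0.2.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
"""

def parse_o17(line):
    """Return (registry_key, [server, ...]) for an O17 NameServer line, else None."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    return m.group("key"), [s for s in re.split(r"[,\s]+", m.group("value")) if s]

def unexpected_nameservers(log_text, expected=()):
    """List (key, server, reason) for resolvers that need manual verification."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue
        key, servers = parsed
        for server in servers:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                findings.append((key, server, "not an IP address"))
                continue
            if ip in allowed or any(ip in net for net in LAN):
                continue
            findings.append((key, server, "not LAN, not in expected list"))
    return findings

if __name__ == "__main__":
    # 192.0.2.53 stands in for the ISP resolver the user has confirmed.
    for key, server, reason in unexpected_nameservers(SAMPLE_LOG, ["192.0.2.53"]):
        print(f"{server}: {reason} ({key})")
```

A flagged address is only a prompt to check it against the ISP's or router's documented resolvers; the script does not consult any blacklist.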
     
  7. Mechakingkong

    Mechakingkong TS Rookie Topic Starter Posts: 43

    virus winworm 32

    Unfortunately, my system 32 files got damaged before I read the last post :dead:
    I found out that reformatting is much easier for inexperienced people like me. :haha:
     