b.exe

Status
Not open for further replies.

Emmalinauk

I seem to have downloaded some kind of trojan / spyware / virus thing (I don't know what it is). It's called b.exe and there is a post somewhere on how to delete it, which I will do.

My question is, do I have to back up everything before going into "safe mode" or will my files be ok?

Thanks for your help!

Emma
 
Hello and welcome to Techspot.

No, you don't need to back everything up before going into safe mode.

Go HERE and follow the instructions exactly.

Post a fresh HJT log as an attachment into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of Emmalinauk only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Do you know how to get to safe mode? And if you don't mind me asking... where do you live? [Just a state is fine]
 
I do know because I saw it on a previous post.

Were you asking me what state I'm from btw? I'm from London, England

:)
 
Sorry, I know someone from the US named Emma; I guessed my chances are slim. Sorry, thought you were someone else.
 
Hello again...

I tried to do what you said in a previous post (about deleting netmon.exe & stub_113_4_0_4_0.exe) but I can't find them anywhere. Is it possible I have something else wrong?

Do you have any other ideas?

Thanks for your help
Emma
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with the following (if there):

PartyGaming\PartyPoker
Dealio
BroadJump\Client Foundation
broadband medic

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for the following (if there):

CFD.exe
DealioAu.exe
wmplayer.exe
matcli.exe
RunApp.exe
MotiveSB.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there):

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"

O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe

O4 - Global Startup: wmplayer.exe

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\Program Files\Dealio
C:\Program Files\PartyGaming
C:\Program Files\ntl\broadband medic
C:\Program Files\BroadJump
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe


Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.

Regards Howard :)
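The check behind "post a fresh HJT log", as an added example that is not part of the original thread: it parses HijackThis entries and reports which items from a fix list are still present in a later log. The fix-list lines are quoted from the post above except the O1 entry, which is constructed, as is the fresh log; all function names are hypothetical.

```python
import re
from collections import defaultdict

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<detail>.+)$")

# Fix list: lines quoted from the thread, except the O1 line (constructed).
FIX_LIST = r"""
O1 - Hosts: 203.0.113.10 updates.example.com
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll
O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Fresh log after the cleanup (constructed): one fixed item survived, one unrelated entry.
FRESH_LOG = r"""
Running processes:
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\PROGRAM FILES\Dealio\res\DealioSearch.html
"""

def parse_log(text):
    """Return (code, detail) tuples; headers and process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m["code"], m["detail"].strip()) for m in matches if m]

def normalise(entry):
    """Case-fold, drop quotes and collapse whitespace so paste differences do not hide a match."""
    code, detail = entry
    return code, " ".join(detail.lower().replace('"', "").split())

def remaining(fix_list, fresh_log):
    """Fix-list entries still present in the fresh log, grouped by section code."""
    still_there = {normalise(e) for e in parse_log(fresh_log)}
    left = defaultdict(list)
    for entry in parse_log(fix_list):
        if normalise(entry) in still_there:
            left[entry[0]].append(entry[1])
    return dict(left)

def missing_files(log):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [d for _, d in parse_log(log) if d.lower().endswith("(file missing)")]
```
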
 
Hi Howard

I have done what you suggested and it seems to have worked as I am no longer getting the b.exe error message. I am however, still getting pop ups from NTL Netguard saying that it has detected a virus.

I assumed that the b.exe was causing the problems but I think that's probably not the case now. I have attached the error message that continuously pops up whilst my PC is on. It basically says that I have a virus and lists names of songs - none of which I have downloaded and they are not on my PC?! (I have also attached an updated HJT log)

Any help would be much appreciated.

Thanks for your help!

Emma
 
Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to it (if there):

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into killbox.

C:\Program Files\Dealio\res\DealioSearch.html

Once your system has rebooted, turn system restore back on and post a fresh HJT log.

Regards Howard :)
 
You were quick - I just amended my reply as it didn't work after all

Will what you said fix my other problem too?

Thanks
Emma
 
Here is my HJT log.

I'm still getting the Netguard pop ups :( They only seem to appear when I open a P2P site though I've realised...

Thanks again
Emma
 
Your HJT log is clean.

The NTL Netguard programme is utter crap. It's known to give false positives.

The best advice I can give you is to download the free AVG antivirus programme and either the free Zonealarm or the free Kerio firewall programmes. You can get them HERE, HERE and HERE.

Then disconnect from the net and uninstall Netguard from add remove programmes in your control panel. Once it's fully uninstalled, reboot your system.

Install whichever firewall you chose, followed by AVG. Reboot your system the required number of times and reconnect to the net. Run the AVG updates.

Boot into safe mode and turn off system restore. Run a full system scan with AVG and delete whatever it finds.

Reboot into normal mode and turn system restore back on.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
 
Hi Howard

I have followed your instructions and it appears to have worked (thank goodness I hear you cry!)

Thanks for all your help - I really appreciate it!

Take care
Emma x

:D
 