Pls. help can't clean Virus New Poly Win32

By ben321load
Dec 6, 2005
  1. Pls. help my PC show A Virus has been detected addwt32.exe is infected by New Poly Win32 and McAfee can't clean this Virus.
  2. Vigilante

    Vigilante TechSpot Paladin Posts: 1,666

    You should go into Safe Mode first. Run a full scan with McAfee from there, it should be able to delete it.

    From HJT, "check" these entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bjnef.dll/sp.html#17702
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: Class - {FBD6353C-D46D-064E-0DB4-A986D34AD0CE} - C:\WINDOWS\ntgj32.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) -

    There is likely more but these stick out. It's mainly the ones on top that are the baddies.
    Scan with your updated McAfee, Ewido, MS Beta, Adaware, clean these in HJT. Do all from Safe Mode. Then post new HJT log.

    Read and follow these two threads: (note that if you go in Safe Mode with Networking, you can get online, post here, download tools etc...)

    If you carefully follow all this instruction, you should be able to get rid of it. It may take time, and many tools, but you'll get through it.

    good luck
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...