Pls. help can't clean Virus New Poly Win32

Status
Not open for further replies.
Pls. help. My PC shows: A virus has been detected, addwt32.exe is infected by New Poly Win32, and McAfee can't clean this virus.
 
You should go into Safe Mode first. Run a full scan with McAfee from there; it should be able to delete it.

From HJT, "check" these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bjnef.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bjnef.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bjnef.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bjnef.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bjnef.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bjnef.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bjnef.dll/sp.html#17702
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Class - {FBD6353C-D46D-064E-0DB4-A986D34AD0CE} - C:\WINDOWS\ntgj32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/286f6a80a88010b35506/netzip/RdxIE601.cab
O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) - http://www.flashants.com/codebase/fmplayer.cab

There is likely more but these stick out. It's mainly the ones on top that are the baddies.
Scan with your updated McAfee, Ewido, MS Beta, Adaware, and clean these in HJT. Do all from Safe Mode. Then post a new HJT log.

Read and follow these two threads: (note that if you go in Safe Mode with Networking, you can get online, post here, download tools etc...)

https://www.techspot.com/vb/topic27710.html

https://www.techspot.com/vb/topic17297.html

If you carefully follow all these instructions, you should be able to get rid of it. It may take time, and many tools, but you'll get through it.

Good luck.
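Added example, not part of the original posts: a small Python triage pass over HijackThis lines like those listed in the reply above. The three heuristics (an R0/R1 Internet Explorer setting pointing at a `res://` page inside a DLL, a BHO registered with no file, a BHO DLL sitting directly in `C:\WINDOWS`) and the function names are assumptions chosen for illustration, not the responder's stated criteria; the sample lines are copied from the log above.

```python
import ntpath
import re

# HijackThis line layout: "<section> - <body>", e.g. "R1 - HKCU\...,Search Bar = res://..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# res:// URL that serves an HTML resource embedded in a DLL on disk
RES_RE = re.compile(r"res://(?P<dll>[^/]+\.dll)/", re.IGNORECASE)
# O2 body: "BHO: <name> - {CLSID} - <file>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")

def triage(line):
    """Return (section, reason) for a line worth manual review, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section in ("R0", "R1"):
        res = RES_RE.search(body)
        if res:  # assumed heuristic: IE start/search page served out of a DLL
            return section, "IE setting loads a page from " + res.group("dll")
    elif section == "O2":
        bho = BHO_RE.match(body)
        if bho and bho.group("file") == "(no file)":
            return section, "BHO " + bho.group("clsid") + " has no file on disk"
        # assumed heuristic: BHO DLL placed directly in the Windows directory
        if bho and ntpath.dirname(bho.group("file")).lower() == r"c:\windows":
            return section, "BHO DLL in Windows root: " + bho.group("file")
    return None

def triage_log(lines):
    """Triage every line and keep only the flagged ones."""
    return [hit for hit in map(triage, lines) if hit]

# Sample lines copied from the HijackThis log quoted in the thread above.
SAMPLE = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bjnef.dll/sp.html#17702",
    "R3 - Default URLSearchHook is missing",
    "O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)",
    r"O2 - BHO: Class - {FBD6353C-D46D-064E-0DB4-A986D34AD0CE} - C:\WINDOWS\ntgj32.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
]

if __name__ == "__main__":
    for section, reason in triage_log(SAMPLE):
        print(section, "->", reason)
```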
 