Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Printable Version | Subscribe | Add to Favourites   Post new thread Poll:
Author: Subject: Not a valid....BUG help plz
MTM
New User
*




Posts: 12
Registered: 26-12-2007
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 313625 posted on 26-12-2007 at 14:56 Reply With Quote
Not a valid....BUG help plz



Hi all, I hope someone can help me. I've been a getting the "This is not a valid...." message for quite a while now and would appreciate help with how to remove this bug/virus from my pc. I started the follwoing scan with a free download online:

Wednesday, December 26, 2007 2:51:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/12/2007
Kaspersky Anti-Virus database records: 494133


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 23125
Number of viruses found 3
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 00:26:02

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Smart Link 56K Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{430F1C1F-F730-4B95-84ED-CB24D9DF10C3}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{DDE4DC89-FAE4-40B2-9856-03F0AE61E2E0}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bar.0\MWSSRCSP.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\37NDGC2E\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\wbk37.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M6F1EDG9\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk39.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk3B.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

Scan was interrupted by user!
View User's Profile View All Posts By User
Daz
Custom User Title
*******


Avatar


Posts: 6630
Registered: 10-8-2002
Location: Deb'n
Theme: KPCH Default Blue
Member Is Offline

Mood: w00t - Lge1 :-))

[*] Post 313643 posted on 27-12-2007 at 01:13 Reply With Quote


Click HERE to see instructions on posting a Hijack This log which will help our resident expert advise you further...

It might also be advisable to allow an online scan, like you started above, to complete...

Kaspersky is a very well respected site so you should be able trust it's results. It can be a long process, but it is important to let it complete...

Another recommended site is Trend's online scanner.... Available HERE
View User's Profile View All Posts By User Daz's Aim This User Has MSN Messenger Daz's Yahoo
Pancake
Custom User Title
*******


Avatar


Posts: 537
Registered: 17-4-2006
Location: Victoria Australia
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 313650 posted on 27-12-2007 at 04:29 Reply With Quote


Please download the http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe]OTMoveIt by OldTimer

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



Quote:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bar.0\MWSSRCSP.EXE




Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

================================================

Empty your temp internet files.....



1) Open Internet Explorer and click on Tools
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive.

To clear the Internet History in IE:

1) Open Internet Explorer and click on Tools
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Clear History
4) Click OK

To clean up other temporary files on your computer:

1) Click Start, Programs (or All Programs), Accessories, System Tools, Disk Cleanup
2) Choose the correct drive usually C:\
3) Check the boxes in the list and delete the files
View User's Profile View All Posts By User
Post new thread Poll:

Guest Notice
You are a guest, as a guest you can only see a maximum of 3 posts per thread.

If you want to see the rest, please click here to register.