Downloader.Istbar.4 persists audio hardware now failing HELP


kevin

hi there, I got a lot of ideas to get rid of this trojan or
whatever it is.
I ended up deleting the file it was attached to, and then had to
reinstall XP.
Now my media player is not working and it is saying the hardware is
failing but it is new hardware and I didn't format the drive.
I have checked and reinstalled the audio drivers for it.

The fault I'm getting is Ox800 40356
and the original file I deleted was a 08569BoAd01 file, which was
what AVG was pointing at.

please help

thanks
kevin
 

Dump the contents of the IE Temporary Internet Folder cache (TIF)

Start --> Settings --> Control Panel --> Internet Options --> Delete Files


Dump the contents of the Mozilla FireFox Cache

Tools --> Options --> Privacy --> Cache --> Clear


1) Download TrendMicro Sysclean by either of the following 2 methods

Trend Sysclean Method 1
---------------------------------------
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example: lpt576.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

2) Download Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Update Ad-aware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible.
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Ad-aware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *
 
thanks dave:-)

didn't fix it though
I did as you suggested and used the programs, I disabled my sys
restore as you said.
Ad-aware SE found the following bugs below, it only found 1 critical,
now I uninstalled the media player and reinstalled to no avail
though:-(

Is it possible it has actually damaged the hardware??
no other application seems affected, what can you suggest now please

thanks
kevin


ArchiveData(auto-quarantine- 2005-04-19 01-04-58.bckp)
Referencefile : SE1R39 15.04.2005
======================================================

ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
obj[1]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuText"
obj[2]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuStatusBar"
obj[3]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Script"
obj[4]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "clsid"
obj[5]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Icon"
obj[6]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "HotIcon"
obj[7]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "ButtonText"
obj[8]=RegValue : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[9]=RegValue : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[10]=RegValue : S-1-5-21-861567501-1580436667-1801674531-1004\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[11]=IECache Entry : C:\Documents and Settings\Kevin Dauth\Local Settings\Temp\Cookies\kevin dauth@overture[1].txt
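
Added example, not part of the original thread: a small parser for scan logs laid out like the Ad-aware SE quarantine log above, which rejoins entries that were wrapped across lines and groups them by detection family so the findings can be triaged at a glance. The sample log is constructed (placeholder CLSID and user name), and `parse_adaware_log` and `summarize` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the log in the post
# (placeholder CLSID and user name; entries wrapped across lines).
SAMPLE_LOG = r"""
ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : software\microsoft\internet
explorer\extensions\{00000000-0000-0000-0000-000000000000}
obj[1]=RegValue : software\microsoft\internet
explorer\extensions\{00000000-0000-0000-0000-000000000000}
"MenuText"
obj[2]=RegValue : .DEFAULT\software\microsoft\internet
explorer\extensions\cmdmapping
"{00000000-0000-0000-0000-000000000000}"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=IECache Entry : C:\Documents and Settings\user\Local
Settings\Temp\Cookies\user@example[1].txt
"""

ENTRY = re.compile(r"^obj\[(\d+)\]=([^:]+?)\s*:\s*(.*)$")
RULE = re.compile(r"^[»=]{5,}$")  # separator lines in the log

def parse_adaware_log(text):
    """Return {family: [(index, kind, location), ...]}, rejoining wrapped lines."""
    families, family, current = defaultdict(list), None, None
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        m = ENTRY.match(line)
        if m:
            current = [int(m.group(1)), m.group(2).strip(), m.group(3).strip()]
            families[family].append(current)
        elif not line or RULE.match(line):
            current = None                      # blank line or rule ends an entry
        elif i + 1 < len(lines) and lines[i + 1].startswith("»»»"):
            family, current = line, None        # heading sits above a »»» rule
        elif current is not None:
            current[2] = (current[2] + " " + line).strip()  # wrapped continuation
    return {f: [tuple(e) for e in es] for f, es in families.items()}

def summarize(parsed):
    """Count entries per family and object kind (Regkey, RegValue, ...)."""
    out = {}
    for fam, entries in parsed.items():
        out[fam] = {}
        for _, kind, _ in entries:
            out[fam][kind] = out[fam].get(kind, 0) + 1
    return out
```
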
 

Boot your PC into Safe Mode.
Dump the contents of the IE Temporary Internet Folder cache (TIF)

Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Unhide the following Folder and all subdirectories.
C:\Documents and Settings\Kevin Dauth\Local Settings\Temporary Internet Files\Content.IE6

(may be C:\Documents and Settings\Kevin Dauth\Local Settings\Temporary Internet Files\Content.IE5)


Delete all files and folders under Content.IE6 (may be Content.IE5)

When finished, reboot your system again and bring it back up in normal mode. Then run a full
scan with AVG and let me know if it is still seeing the infected file.
 
hi dave, my login folder didn't have the content.IE at all and all the
hidden files were in view, the cache files were being dumped
straight into the tempinternet folder, mind you there was a content.IE
in the admin and other users folders. I deleted all of them ? don't
think that was the problem???

thanks
kevin
 