HELP!! Got a damn virus!
Frank Z
Posts: 5,860
W32/Cult.worm.gen
File name is wuaumqr.exe. McAfee won't remove, delete, or Quarantine (sp?) the damn thing. Found plenty of sites that say they are FREE...the scan is but it cost $$$ to get the software to delete the virus.
Anyone able to help me out here?
File name is wuaumqr.exe. McAfee won't remove, delete, or Quarantine (sp?) the damn thing. Found plenty of sites that say they are FREE...the scan is but it cost $$$ to get the software to delete the virus.
Anyone able to help me out here?
Post edited by RyanC_Masimo on
Comments
-
Frank, here is a free antivirus you can try:
http://www.free-av.com/
No idea if it will work though but you sound desperate right?
I use Norton and I pay for it.
Paul -
-
Thanks for the help! I'm running it right now, if it works I'm driving to your place and planting a sloppy girlie kiss on your left cheek!!
Probably not what you were hoping for, but that's all I got!:D
This really bites cuz my hard drive in my home PC **** the bed and I'm using my business pc now. Lost everything on the damn drive.:mad: -
BlueMD,
Thank you sir...your also offically on my "Thank You" list as well....
NEXT!!
-
So it worked? Looks like a good one and I've had people from other forums recommend it.
-
Don't polish up that rump just yet!!
It's still chugging along. Might have to let it run over night. I'll let you know how it goes. -
Big suprise AIM related...fixed that issue AGES ago.....I haven't used AIM....hmmmm ever, aside from creating a login. There are alternates you know.....and you can still keep you AIM buddies.
AIM IS A VIRUS, as far as I'm concerned. Microsoft intentionally makes it hard to get rid of. It's a multi-step issue to get rid of AIM.
Frank - You know Blue is like hardcore right? You should listen to his resume.CTC BBQ Amplifier, Sonic Frontiers Line3 Pre-Amplifier and Wadia 581 SACD player. Speakers? Always changing but for now, Mission Argonauts I picked up for $50 bucks, mint. -
Doro,
I've had a beer, so bear with me...AIM as in AOL Instant Messenger? Never had it, never will. -
I have AIM installed. A lot of us around CP do. I used AIM tonight for the first time in a long time. Caught up with a few folks. Didn't realize that AIM virus Blue pointed out existed.
Good luck Frank. Hope all works out for ya. I've been burned a few times; now I backup regularly to a 2nd HD and subscribe to Norton. I want to get a portable HD that uses the USB port to backup so the backup is totally disconnected when the computer is in use. The portables are getting pretty cheap nowadays. < $100. -
PJ,
No luck bro...damn thing is still in there.:mad:
I've tried Ad-Aware and Spybot, neither has found the file. McAfee ID's it but can't remove it. I've tried running the McAfee Rescue Disk without any success either. It finds the infected files but doesn't go beyond that.
Considering the purchase of a shotgun and going out to look for the fu#$%#% that created this or any worm and expressing my self in a way that he/she might not find too pleasant.
I don't do **** sites and stuff like that (really) and I'm really pissed that someone get's a kick out of **** around with other peoples stuff.
So far I've been able to find out that this file is somehow related to Kazaa...WTF is KAZAA?!? -
Damn!
KAZAA is some sort of file sharing program like Napster was.
If you paid for McAfee maybe they can help? Customer support? Updates on program? -
I've got Premier McAfee schstuff!! Comes with my DSL service. I'll try to get some support from them in the morning.
Thanks for the assist. -
If you feel comfortable enough, you can go into the registry and yank stuff there so it never works again, and then you delete the files from your harddrive, a manual uninstall.
If you ever want to do another 30 day trial on your compy, you just find the registration ID and delete, I love those small tricks... -
Originally posted by Frank Z
This really bites cuz my hard drive in my home PC **** the bed and I'm using my business pc now. Lost everything on the damn drive.:mad:
This expression will never get old and will always produce a laugh every time I see or hear it. -
There's also a support forum for that free antivirus program. I'll try doing a search for that particular virus.
Plenty of tech savy people here on the forum too (much more than I). John S. and a few others.
I'd be ticked if I paid for something and still got a virus though.
http://www.free-av.de/cgi-bin/ubb/ultimatebb.cgi?ubb=forum&f=3 -
I meant AIM specifically, due to the link, but Windows Messenger is just as bad for those of us non-AOL folks....in other words the non-AOL slaves....I'm a Comcast slave lol. Anyways, now we know the root cause of your problem.
If you have a Kazaa infection, the virus scan is telling you where it is, just source it manually and remove it....it will most likely be a application specific registry entry, as mentioned previously.
As a side note...You ever try and remove McAfee? Try doing that someday, it's a REAL pain in the ****.
I always used the Virus programs to isolate the issue, and tell me where it resides. After that, it was manual registry destruction....but not recommended for the faint of heart, registry entry issues are serious.
Unless someone "planted" Kazaa on your registry, which is not likely, it's been used on your computer at some time, and is being exploited.
I use www.dslreports.com for my issues, that crew is solid.
CTC BBQ Amplifier, Sonic Frontiers Line3 Pre-Amplifier and Wadia 581 SACD player. Speakers? Always changing but for now, Mission Argonauts I picked up for $50 bucks, mint. -
There's more where that came from...Originally posted by Demiurge
This expression will never get old and will always produce a laugh every time I see or hear it.
Screwed the pooch....
Like a monkey Effin a Football.... -
http://vil.nai.com/vil/content/v_100105.htm
Looks like a McAfee website screenshot with some instructions there. -
Sorry Frank - I made an assumption regarding your problem. Here's the "hard way."
1) For manual removal of the spyware (they're effin' virus files in my book), you must first end any of these processes that may be running:
"YahooMsngr.exe", "NETSTATT.exe", "YahooMsgr.exe", "wintcp.exe", "lansrv.exe", "idctup20.exe", "fpjlfrllddpnsi.exe", "svcl.exe", "exhhulashk.exe", "OSNERAOUSGZDPV.exe", "winampa.exe", "Data", "Debug", "Slideshow.exe", "Payload.exe", "MSCVT.exe", "service.exe", "zzqh.exe", "zzb.exe", "snd332.exe", "aim1.exe", "lsas.exe", "taskmanage.exe", "winxp.exe", "download_me.exe", "windowsupdater.exe", "wuaumqr.exe", "winupdat.exe", "blengine.exe", "ChannelUp.exe", "hpztsb05.exe", "av.exe", "b.exe", "bbb.exe", "wucaumqr.exe", "winampa", "xlroue.exe", "A0L.exe", "iexpl0re.exe", "svehost.exe", "bvjlxjs.exe", "gxmryzf.exe", or "aocyvou.exe" using DS Software's Taskill utility available from
http://members.ozemail.com.au/~nulifetv/freezip/freeware/taskill.exe
and open it to see a list of running programs. Choose the process and select "Kill". Unlike Task Manager, this utility will end rogue processes before they can spawn another copy of themselves.
2) Now you will need to search through the hard drive for the files "YahooMsngr.exe", "NETSTATT.exe", "YahooMsgr.exe", "wintcp.exe", "lansrv.exe", "idctup20.exe", "fpjlfrllddpnsi.exe", "svcl.exe", "exhhulashk.exe", "OSNERAOUSGZDPV.exe", "winampa.exe", "Data", "Debug", "Slideshow.exe", "Payload.exe", "MSCVT.exe", "service.exe", "zzqh.exe", "zzb.exe", "snd332.exe", "aim1.exe", "lsas.exe", "taskmanage.exe", "winxp.exe", "download_me.exe", "windowsupdater.exe", "wuaumqr.exe", "winupdat.exe", "blengine.exe", "ChannelUp.exe", "hpztsb05.exe", "av.exe", "b.exe", "bbb.exe", "wucaumqr.exe", "winampa", "xlroue.exe", "A0L.exe", "iexpl0re.exe", "svehost.exe", "bvjlxjs.exe", "gxmryzf.exe", or "aocyvou.exe". These files would be hidden, and will require you to enable viewing of hidden files and folders.
To do this, click on the Tools menu in Explorer, then click Folder Options, and go to the View tab. (if you are on 98 this will be in the View menu) Now check the box next to "show hidden files and folders" and uncheck the "Hide protected operating system files" box. Now choose "apply to all folders" and click apply.
The files are usually located in "C:\", "C:\Windows\", "C:\Winnt\", "C:\Windows\System\", "C:\Winnt\System\", "C:\Windows\System32\", "C:\Winnt\System32\", "C:\Program Files\PSD Tools\", "C:\Program Files\PSDTools\" or C:\Documents and Settings\yourusername\Applicaton Data", though it varies on computer to computer.
3) Delete any of the files if they exist.
4) Apply all all available Windows updates. Microsoft claims to have addressed these vulnerabilities with XP Service Pack 2.
Let me know if you find the **** who do this crap. I'll bring my blade. We'll cut 'em if they stand still and shoot 'em if they run!
:cool: -
Frank Z,
You can try TrendMicro.com, they have a free virus scan and seem very up to date.
Here is a link Trend Micro
Just follow the instruction, it's pretty simple.
Hope this helps.
GeraldMain System:
Denon AVR-2805, Polk Audio RTi70's, Polk Audio CSi40, Polk Audio FXi50, Paradigm PW-2200 v.2, Toshiba 42XV545U HDTV
Second System:
Denon AVR-1705, Polk Audio R40, Polk Audio CS245i, Polk Audio R15, Paradigm PS-1200a -
AVG is an excellent full-featured virus scanner. You can get it at www.grisoft.com. Much better than anything from McAfee.Ludicrous gibs!
-
Originally posted by nadams
AVG is an excellent full-featured virus scanner. You can get it at www.grisoft.com. Much better than anything from McAfee.
Agreed, I've used this for a couple years now.
Sorry to hear about your Virus Frank. If you have a CD burner, I'd start gettin all your important files backed up, and then wipe everything out and start from scratch. I like to do that once a year or so -- no matter how diligent I am about spyware and the like, you never know when somethin sneaks in there, and there's only one way to be sure
If you will it, dude, it is no dream. -
i just type format c: and all virus is gone my dad gets alot of them on his labtop so i usaly re insatll his os twice a year. i usaly do mine every year to get rid of stupid little programs i dont use any more
-
-
Originally posted by nadams
I prefer prevention to damage control....
Most people woudl agree, but unfrotunately no matter how hard you try you can't prevent everything. Not to mention that even without viruses and malware, you end up with a lot of registry clutter and general slowness after a while with Windows - it's inevitable if you use it for ANYTHING. So a yearly (or maybe a little less frequent than that) purge can be infinitely helpful.
Plus it makes you feel like you have a new system again. Puts the upgrade bug at bay. If you will it, dude, it is no dream. -
Finally got thru to the thread. This thing is a worm infected from an E-mail. See my post to Frank. It's waiting to do nasty things.
He could try the Microsoft removal tool.
A good free Antivirus: http://free.grisoft.com/doc/1
Also I like Zonealarm the free one from Zonelabs.com
I personally pay for Norton's Int. Security Pro, well worth it IMO>
>
>This message has been scanned by the NSA and found to be free of harmful intent.< -
Sorry for the delay in getting back to all of you fine folks.
I ended up removing all of my Ad-ware, Spybot, McAfee, etc. type programs and installed a trial version of Norton Anti-Virus. That whole process was a real ****!! Got Norton up and running but got no love there either.:mad:
Sooooooooooooooo.... Back to the McAfee software. I had previously created a Rescue Disk via McAfee and tried it again. The disk contains a program called Magic Bullet. I let it run overnight, not sure how long it normally takes. So far so good. No sign of the virus, no warnings from my virus scanner, and a search of the local drives didn't show any of the nasty **** hiding anywhere. I was able to locate it easily before, but nothing all day today.
I want to thank all of you for chiming in and offering advice, web sites, solutions, and general bashing of hackers!!
If any of you guys and gals ever need any info regarding HVAC/R stuff I'll be more than happy to help in any way possible.
You folks are the complete and total Shiznit!! Hats off to Polkies!! -
It pays to keep your cool>
>
>This message has been scanned by the NSA and found to be free of harmful intent.< -
The disk contains a program called Magic Bullet
Magic Bullet for the computer how about a Sliver bullet (Coor's light) for the Frankster?
Cheers man and happy for you that you got it resolved. -
I sure could use one today!! Stayed up way to late last night messin' with this damn 'puter, then had to do a furnace change out about 30 miles outta town. Luckily the duct cleaning guys had already removed the 24 dead birds from the ducts.:rolleyes: No more crusty fowl, but GAWD the SMELL!! Can you say R-E-T-C-H!!
