Virus - Notepad exits by itself - C:\WINDOWS\system32\advpackf.exe

  • Thread starter Thread starter Fonti
  • Start date Start date
F

Fonti

My PC is infected with a virus. It is popping up with "Your system is
probably infected with latest version of Spyware.cyberlog.X.

When I checked with Process explorer it showed that one process is running
"C:\WINDOWS\system32\advpackf.exe" which has written many entries in Regedit.

I have killed the process and deleted all the entries in registry editor, I
could find.

Strange thing is when I search on C:\WINDOWS\system32\ for the file
advpackf.exe even after unhiding all the files. It fails to show up, however
if I run the C:\WINDOWS\system32\advpackf.exe from the Run menu, it again
starts all the popups and tries to change the start up page of browser.

After this virus, I am unable to start Notepad.exe, after starting Notepad
immediately exits by itself.

Please advice.
--
SS
 
From: "Fonti"

| My PC is infected with a virus. It is popping up with "Your system is
| probably infected with latest version of Spyware.cyberlog.X.
|
| When I checked with Process explorer it showed that one process is running
| "C:\WINDOWS\system32\advpackf.exe" which has written many entries in Regedit.
|
| I have killed the process and deleted all the entries in registry editor, I
| could find.
|
| Strange thing is when I search on C:\WINDOWS\system32\ for the file
| advpackf.exe even after unhiding all the files. It fails to show up, however
| if I run the C:\WINDOWS\system32\advpackf.exe from the Run menu, it again
| starts all the popups and tries to change the start up page of browser.
|
| After this virus, I am unable to start Notepad.exe, after starting Notepad
| immediately exits by itself.
|
| Please advice.


1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe Format --> uncheck "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Back
Top