Kristina Posted March 21, 2009 I keep getting these same 3 files and I allow SAS to delete them and then you have to restart in which I say ok and then when the computer restarts it just keeps restarting itself then I have to start up in safemode and scan it with malwarebytes and then it starts back up normally I don't know if these are false positives or why I keep getting the same 3 files any help thank you Trojan.Fake-Drop/Gen C:\WINDOWS\SYSTEM32\MSDRVE.DLL C:\WINDOWS\SYSTEM32\SVCPRMPT.DLL C:\WINDOWS\VMOPTVER.DLL Share this post Link to post Share on other sites
SUPERAntiSpy Posted March 23, 2009 I keep getting these same 3 files and I allow SAS to delete them and then you have to restart in which I say ok and then when the computer restarts it just keeps restarting itself then I have to start up in safemode and scan it with malwarebytes and then it starts back up normally I don't know if these are false positives or why I keep getting the same 3 files any help thank youTrojan.Fake-Drop/Gen C:\WINDOWS\SYSTEM32\MSDRVE.DLL C:\WINDOWS\SYSTEM32\SVCPRMPT.DLL C:\WINDOWS\VMOPTVER.DLL Can you post the full scan log here so we can see what version of our software and definitions you are scanning with? Share this post Link to post Share on other sites
Kristina Posted March 28, 2009 I just redid SAS and once again those same 3 files are back SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 03/28/2009 at 03:26 PM Application Version : 4.23.1006 Core Rules Database Version : 3819 Trace Rules Database Version: 1773 Scan type : Complete Scan Total Scan Time : 00:49:50 Memory items scanned : 379 Memory threats detected : 0 Registry items scanned : 5358 Registry threats detected : 0 File items scanned : 18409 File threats detected : 16 Adware.Tracking Cookie C:\Documents and Settings\Owner\Cookies\owner@specificclick[1].txt C:\Documents and Settings\Owner\Cookies\owner@specificmedia[1].txt C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt .adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\cookies.txt ] adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\cookies.txt ] adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\cookies.txt ] .media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\cookies.txt ] .media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\cookies.txt ] .media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\cookies.txt ] Trojan.Fake-Drop/Gen C:\WINDOWS\SYSTEM32\MSDRVE.DLL C:\WINDOWS\SYSTEM32\SVCPRMPT.DLL C:\WINDOWS\VMOPTVER.DLL Share this post Link to post Share on other sites
SUPERAntiSpy Posted March 28, 2009 You are running a very old version - update to 4.26.1000 and then re-scan. Share this post Link to post Share on other sites
Kristina Posted April 6, 2009 I did what you said and installed the lastest version of SAS and once again I'm getting those same 3 files. Please any help thank you Share this post Link to post Share on other sites
Kristina Posted April 7, 2009 Thank you SASService I did what you suggested. Don't get why those same 3 files keep coming back I let SAS take care of it but then a few days later the files are back. thank you again Share this post Link to post Share on other sites
Kristina Posted April 10, 2009 I never heard back from SAS should I redo one? I put my outlook express email address which I shouldn't of because sometimes I don't get mail when I use that email address Share this post Link to post Share on other sites
Kristina Posted April 18, 2009 I still haven't heard back from SAS but the files keep showing up they showed up again yesterday Share this post Link to post Share on other sites
thermon Posted April 23, 2009 If some virus/adware is being tricky and restoring these files, I'd suggest one trick I've used to really nail these things. Go into safe mode and delete the files manually. Once they are gone, create a folder with the same exact name. Make it read-only. Then when whatever is trying to create the files runs again, it will fail. The virus is clueless as to what happened. Share this post Link to post Share on other sites
Kristina Posted April 28, 2009 "SASService"PM your CSR number to me, and I'll check it out. It never gave me a CSR number. Share this post Link to post Share on other sites