jldhawk Posted April 6, 2009 I have a log I can add if anyone can help me remove a nasy batch of spys, I have the "LIFETIME: subscription of Superantispyware installed on this computer infected. It detected a bunch of spys, but I can't quarentine them or delete them, it reboots my computer when I try. below is PART of the log, the last paragragh is a LOT larger, I just didn't copy all of that. SUPERAntiSpyware Scan Loghttps://www.superantispyware.com Generated 04/05/2009 at 01:59 PM Application Version : 4.26.1000 Core Rules Database Version : 3829 Trace Rules Database Version: 1785 Scan type : Complete Scan Total Scan Time : 00:38:59 Memory items scanned : 538 Memory threats detected : 1 Registry items scanned : 7108 Registry threats detected : 741 File items scanned : 24461 File threats detected : 139 Adware.Vundo/Variant-MSFake C:\WINDOWS\SYSTEM32\KVHFSUW.DLL C:\WINDOWS\SYSTEM32\KVHFSUW.DLL Trojan.Agent/Gen-PolyFake HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22DFF274-079E-4F4D-A083-F4712A09A413} HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413} HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413} HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}#Version HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}#Flags HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\InprocServer32 HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\InprocServer32#ThreadingModel HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\ProgID HKCR\Elzkolvr HKCR\Elzkolvr#TimeStamp HKCR\Elzkolvr\CLSID HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22DFF274-079E-4F4D-A083-F4712A09A413} Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\vkcueheb Adware.MyWebSearch HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Adware.Vundo Variant HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08C134D3-087C-4139-A98C-3A078358DFDE} Adware.MyWebSearch/FunWebProducts Share this post Link to post Share on other sites
jldhawk Posted April 7, 2009 CA Antiviris says I have the following virus: Win32/Tisblk.bb in my windows/system32/drivers folder, but when I do a full virus scan there is nothing detected. I have tried both scans in safe mode, will try again now. I'll let you know. Jeff Share this post Link to post Share on other sites
jldhawk Posted April 19, 2009 I still get a CA alert that I have a virus, but when I scan the system in Safe mode or normal mode, I find no virus. Share this post Link to post Share on other sites
jldhawk Posted May 10, 2009 I was able to remove the virus I believe with CA antispam software, Superantispy didn't call it by the same name, I think superantispy found it as a spy, but CA thought it was a virus. between the two programs, I think I stopped that one. Thanks for your help. Share this post Link to post Share on other sites