
New Win32/Poly win32

Hi

Hello. I am having great difficulty in removing new win32 and polywin32 from my computer.
It's Windows XP.

I turned on the computer in safe mode and ran a McAfee scan. It detects the virus but it cannot clean it.

I also used Malwarebytes and the log is there.
Now I cannot open anything on my computer other than Firefox. If I try to open any of the drives, the computer restarts itself. Please help.

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

2/17/2009 12:37:04 PM
mbam-log-2009-02-17 (12-37-04).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 194751
Time elapsed: 1 hour(s), 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Sonal!!G\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98FF3C12-5E4D-4C94-9B1E-6F1589E5E16C}\RP477\A0087346.exe (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
3 Replies

RE: New Win32/Poly win32

Hi,

Please try the below steps:

Open Internet Explorer > Click on Tools > Click on Internet options > Delete the temporary Internet files.

Click on the below link and follow the steps to perform the scan in DOS mode.

http://service.mcafee.com/faqdocument.aspx?id=TS100054&lang=en_US&prior_tid=2&AnswerID=16777216

Kindly revert back to us if you need more help.

RE: New Win32/Poly win32

While trying to follow the step:

# Type CD\ and press Enter. You should now be at a C:\ prompt.
# Type SDATXXXX.EXE /E C:\SDAT and press Enter. (Note: The 'x's should be replaced with the appropriate numbers of the file that was downloaded above.) This will create an SDAT folder on the C:\ drive, and extract the SDAT files to this folder.


I get the following error:

SDStbRes.dll: The specific module could not be found.

RE: New Win32/Poly win32

Hi,

This command is used to extract the SuperDAT file, so make sure you have the SuperDAT file on the C:\ drive.
Open Local Disk C:\. If you don't have it, then try to reinstall the file again from http://www.mcafee.com/apps/downloads/security_updates/superdat.asp?region=us&segment=enterprise. Then try to follow the steps in the FAQ ID
Let me know if it works.

Regards
Bala