Reliable Contributor
Message 11 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

Again, I ask you... does it appear in your (Task Manager) as a "Running Process"?

Cliff
McAfee Volunteer
Reliable Contributor
Message 12 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

Do the files mentioned herein persist to appear as you stated, after running the (Removal Guide)?

Also, as I asked earlier, did (Hitman Pro) detect the "Desktop.Ini" files?

Cliff
McAfee Volunteer
Level 7
Message 13 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

Sorry, I'll check the task manager and run HitmanPro. It was night time and I haven't had a chance to do those two things.

Reliable Contributor
Message 14 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

Thank you, as it is important that you follow entirely through the (Removal Guide). Actually, after running the other Applications, the files in Question should be removed.

Having said this, the (Free) Version of "Hitman Pro" will only detect the (Desktop.ini) files. In that case, to remove them, should they indeed not be Legitimate, will require more measures.

Regards,

Catdaddy

Cliff
McAfee Volunteer
Level 7
Message 15 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

Hi Catdaddy

I have now run

  • Junkware Removal Tool
  • HitmanPro,

and have gone through the guides you have provided me with and run all the scanners.

  • I have also checked the task manager, and desktop.ini does not appear as a process ".exe"
  • The results of the Junkware and HitmanPro respectively are below. As you stated, HitmanPro isn't free so I haven't removed the files. It found 120 traces, but it doesn't look like it found any threats.

What are the next steps?

Thanks for your help so far.

HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : STAT5Y-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : stat5y-PC\stat5y
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-11-13 20:19:44
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 20s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 120
   Objects scanned . . . : 1,870,766
   Files scanned . . . . : 82,253
   Remnants scanned  . . : 544,207 files / 1,244,306 keys

Suspicious files ____________________________________________________________

   C:\Users\stat5y\AppData\Local\Temp\nspA23A.tmp\nsisos.dll
      Size . . . . . . . : 5,632 bytes
      Age  . . . . . . . : 972.0 days (2012-03-16 19:49:41)
      Entropy  . . . . . : 3.1
      SHA-256  . . . . . : BA79AB7F63F02ED5D5D46B82B11D97DAC5B7EF7E9B9A4DF926B43CEAC18483B6
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

Cookies _____________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by stat5y on Thu 13/11/2014 at 19:54:57.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\user.js

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 13/11/2014 at 20:03:56.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Nathan

Level 7
Message 16 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

Two other things to note:

  • Hidden folders also appeared when the myriad of desktop.ini files showed up (see below)

Documents.PNG

  • The desktop.ini files still remain on my desktop and in other places

Kind regards

Nathan

Reliable Contributor
Message 17 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

As you can see by the Tools ran, you had a "Slew" of undesirable Programs/Toolbars, especially the Notorious (Conduit Toolbar), which in itself can cause all sorts of abnormal behavior and sub-par performance.

As for the Desktop.ini Files which you say were created on your Desktop, you can easily delete the shortcut if it bothers you. I would not be overly concerned in my honest opinion. I recommend (Hiding) once again all hidden files.

By what I have observed from your Screen Shots, it seems that the Removal Guide has removed any Malware that was on your system. You should now see a Significant improvement in the Performance/Operation of your Machine.

You could also run the Latest McAfee Getsusp Tool; simply remember to enter your Email Address under "Preferences" within the Getsusp Interface before scanning. You can safely leave Malwarebytes (Free) on board as an occasional On Demand Scanner/Second opinion Tool. Simply update each instance before scanning.

Getsusp and other Superb Free Tools can be obtained from the following link:

Also, reading those two Articles I inserted in regards to (PUPS) can hopefully assist in preventing future inadvertent (Bundled Downloads). One has to be diligent in making themselves aware of what is being installed. Even then, simply visiting a Website on a machine that has a vulnerability can still be exploited.

I cannot stress enough the Importance of keeping your System Current/Up to date with all of your Windows Updates/Internet Explorer/To include all Add-ons. Especially Adobe Flash Player (15.0.0.223). Always make certain you (Uncheck) the Optional offers.

I would also add that you can safely uninstall AdwCleaner/Hitman Pro Free Trial from your system, to include Junkware Removal Tool.

All the very Best,

Catdaddy

McAfee Volunteer Moderator

Consumer Products

Cliff
McAfee Volunteer

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

We don't analyse 3rd party tool logs here as we aren't qualified to read them, and time constraints prevent us anyway. They are best posted on specialist forums that do only that. See the listing for Hijackthis lower down the last link in my signature below for suggestions.

Toronto ▪ Canada
Volunteer Moderator - Consumer Products
I CAN'T HELP PRIVATELY - PLEASE POST IN THE FORUMS
Use Advanced Search To Find Answers

Consumer Technical Support (alter Country @ top right as needed)

Consumer Customer Service (Accounts, Billing, Registration, etc.)
Anti-Spyware/Malware/Hijacker Tools

Reliable Contributor
Message 19 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

Excellent Advice

Cliff
McAfee Volunteer
Level 7
Message 20 of 21

Re: Please help -Suspected virus I can't remove-Two desktop.ini files appeared on desktop

This is what happens when I try to send the issue to McAfee

Submit to McAfee error.PNG
