Mystical files

Secure Home | Search | About

Lost Password?

Microsoft Antivirus Discussions

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

Mystical files

Den

02-05-2007

Malke

David H. Lipman

Posted by Den on February 5, 2007, 12:47 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Hi, I discovered following files on my PC:

C:\Documents and Settings\Bruger\Application Data\Ante knob dart\

- ahwpotpm.exe
- objonce.exe
- Real army the.exe
- sphmdbxn.exe

C:\Documents and Settings\All Users\Application Data\borereadmeloudbend
\
- hideweb.exe

hideweb.exe is trying to acces local network (as part of IE maybe?),
but I don't know what those other files do. McAfee scaninning and
scanning with Windows Defender show nothing wrong. Google search does
not return anything.

Any idea about this files?

Posted by Malke on February 5, 2007, 2:03 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Den wrote:

> Hi, I discovered following files on my PC:

> C:\Documents and Settings\Bruger\Application Data\Ante knob dart\

> - ahwpotpm.exe

> - objonce.exe

> - Real army the.exe

> - sphmdbxn.exe

> C:\Documents and Settings\All Users\Application Data\borereadmeloudbend

> \

> - hideweb.exe

> hideweb.exe is trying to acces local network (as part of IE maybe?),

> but I don't know what those other files do. McAfee scaninning and

> scanning with Windows Defender show nothing wrong. Google search does

> not return anything.

> Any idea about this files?

Hideweb.exe is not part of Windows or Internet Explorer. Unfortunately,
the Google search for it brings up some pages in French which I can't
read. You might want to send a copy of hideweb.exe to Virus Total where
it will be submitted to lots of antivirus companies for identification.
Then post back with the results.

http://www.virustotal.com/flash/index_en.html

It certainly sounds like you've got some malware, however. I understand
that you've scanned with McAfee and WD but if this machine were in my
shop the first thing I'd do is go through the preparatory work at the
link below and then scan with Multi_AV or Sysclean. I'd also include
scanning with AVG Anti-Spyware (formerly Ewido -
http://www.ewido.net/en/). Follow instructions to do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional computer
repair shop (not your local version of BigStoreUSA). Please be aware
that not all local shops are skilled at removing malware and even if
they are, your computer may be so infested that Windows will need to be
clean-installed. Have all your data backed up before you take the
machine into a shop.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by David H. Lipman on February 5, 2007, 4:22 pm

If you were Registered and logged in, you could reply and use other advanced thread options

| Hi, I discovered following files on my PC:
|
| C:\Documents and Settings\Bruger\Application Data\Ante knob dart\
|
| - ahwpotpm.exe
| - objonce.exe
| - Real army the.exe
| - sphmdbxn.exe
|
| C:\Documents and Settings\All Users\Application Data\borereadmeloudbend
| \
| - hideweb.exe
|
| hideweb.exe is trying to acces local network (as part of IE maybe?),
| but I don't know what those other files do. McAfee scaninning and
| scanning with Windows Defender show nothing wrong. Google search does
| not return anything.
|
| Any idea about this files?

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Similar Threads	Posted
Zero kb files	June 19, 2007, 12:08 pm
Re: Help with what to do with files	August 15, 2007, 11:45 am
lost files	July 1, 2005, 10:59 am
Something is blocking almost all .exe files!	September 14, 2005, 2:05 pm
Files missing	January 25, 2006, 3:46 am
Tag.sys files -- hacker?	June 30, 2006, 3:41 pm
Help determining what to do with files	August 15, 2007, 10:38 am
Files Won't Open	June 3, 2008, 2:26 pm
Can .mkv files contain a virus	November 28, 2008, 7:06 pm
Invisible jpg, avi files	November 30, 2008, 2:55 am

The site map in XML format XML site map