View Single Post
  #2  
Old January 25th, 2006, 12:42 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Howdy xupugh,


Welcome to CTH. Yes, there is some infection showing there. Though this is not an infected item, I am curious as to why so many instances of it are running.

C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngi ne.exe

Please do the following. You will want to print or have access to these steps while working in Safe Mode.


Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


Download the trial version of Ewido Security Suite from here.

When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido (there should be an icon on your desktop doubleclick it). The program will now go to the main screen. You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido.
ewido manual updates http://www.ewido.net/en/download/updates/. Do not run a scan yet.


------------------------------------------------------------------

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Close all open windows and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto


Do a search ( Start-Find-Files or Folders) for the following files/folders (shown in Bold), and if found, delete them.

C:\Program Files\winupdates (the entire folder)


Run Ewido now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido.


Then reboot. Run a new scan with HijackThis and post that and the Ewido log back here.
Reply With Quote