Windows 7 virus win32/small.CA trojan
Solved/Closed
virushelpme
Posts
11
Registration date
Tuesday October 16, 2012
Status
Member
Last seen
October 23, 2012
-
Oct 16, 2012 at 12:21 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 23, 2012 at 04:45 AM
9 responses
Ambucias
Oct 18, 2012 at 04:19 AM
Please download and install this most recent version of ZHP Diag and tell me if you get the H in ZHP Fix
https://www.commentcamarche.net/download/telecharger-34066799-zhpdiag
Ambucias
Oct 16, 2012 at 03:43 PM
Hi
First, I would like to know what is your operating system.
Second, I would like to know the complete error message you are getting on the blue screen.
Third, to help you and prescribe the remedy, I must make a diagnostic and to do so, I require a system log.
1. Open this link and download ZHPDiag2:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Once installed, clicking on the "hardhat" icon allows you to change the language.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix at the next step).
4. Double click on the shortcut ZHPDiag on your Desktop.
5. Click on the screwdriver icon and ensure all of the items are checked.
6. Click on the magnifying glass and run the analysis.
Wait for the tool to finish (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload"
12. Copy the url and post it here.
Best regards
Ambucias
Security Contributor
virushelpme
Oct 16, 2012 at 05:39 PM
Thanks for getting back to me!
1. Windows 7 Professional SP1 64bit
2. Have only just disabled automatic restarts for BSOD, but looking in event viewer I believe this was one of them:
"The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000379f620, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101612-9204-01."
Will give you the numbers again on my next BSOD!
3. http://speedy.sh/c48DJ/ZHPDiag.txt
Hope that's everything, thank you very much.
Ambucias
Oct 17, 2012 at 04:07 AM
Hi,
I have not yet looked at your log but the error code: 0x0000001e indicates that Windows has detected that the processor is attempting to process an unknown or invalid instruction. This is most often due to a hardware driver. The driver must either be reinstalled or updated. It causes a memory dump.
In your case, you should check video card, sound card, and printer driver as well as any other hardware you may have connected.
Please remember that all of your drivers should be compatible with your OS.
Catch you later with more
virushelpme
Oct 17, 2012 at 05:00 AM
Thanks for the reply.
The message from windows telling me to remove the virus has gone now, but I have had 4 BSODs this morning:
1. SYSTEM_SERVICE_EXCEPTION
stop: 0x0000003B
2. BAD_POOL_HEADER
stop: 0x00000019
3. (no title)
stop: 0x00000024
4. (happened during a restart) IRQL_NOT_LESS_OR_EQUAL
stop: 0x0000000A
I built the computer a couple of months ago and not much has changed since installing and updating all the drivers.... but I will have a look at them. I'm 99% sure (don't want to sound too arrogant) that all my hardware is compatible and I'm 98% sure I've installed windows 7 64bit drivers! :)
Sadly my chrome and internet explorer won't connect to the internet this morning.... not sure if I'm starting to become paranoid but my laptop is connected absolutely fine....! Windows network and sharing centre says that I have internet access on the computer but my browsers just won't connect to anything (standard DNS lookup failure).
I have all my documents backed up and am tempted to just wipe my hard drives and reinstall everything..... But obviously if you find anything in the logs or want more logs just let me know!
Thanks a lot for your time
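The Event Viewer message and the stop codes reported in the posts above can be decoded mechanically. The following Python is an added example, not part of the original thread: the function names are hypothetical, the symbolic names come from Microsoft's bug check code reference, and the sample message is the one quoted earlier in the thread.

```python
import re

# Names from Microsoft's bug check code reference, limited to the stop codes
# reported in this thread.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x19: "BAD_POOL_HEADER",
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x24: "NTFS_FILE_SYSTEM",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
}

# Bug checks whose first parameter is an NTSTATUS exception code and whose
# second parameter is the address of the faulting instruction.
EXCEPTION_BUGCHECKS = {0x1E, 0x3B}

NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0x80000003: "STATUS_BREAKPOINT",
}

HEX = r"(0x[0-9a-fA-F]+)"
EVENT_RE = re.compile(
    r"The bugcheck was:\s*" + HEX + r"\s*\(\s*"
    + HEX + r",\s*" + HEX + r",\s*" + HEX + r",\s*" + HEX + r"\s*\)"
)
DUMP_RE = re.compile(r"A dump was saved in:\s*(.+?)\.\s+Report Id:\s*([\w-]+)")

# Message copied from the post earlier in the thread.
SAMPLE_EVENT = (
    "The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e "
    "(0xffffffffc0000005, 0xfffff8000379f620, 0x0000000000000000, "
    "0xffffffffffffffff). A dump was saved in: C:\\Windows\\MEMORY.DMP. "
    "Report Id: 101612-9204-01."
)


def stop_name(code):
    """Symbolic name for a stop code, if it is one of those in the table."""
    return BUGCHECK_NAMES.get(code, "not in this table")


def decode_bugcheck_event(message):
    """Split a bugcheck event message into code, parameters and dump details."""
    match = EVENT_RE.search(message)
    if not match:
        raise ValueError("not a bugcheck event message")
    code, *params = (int(group, 16) for group in match.groups())
    result = {"code": code, "name": stop_name(code), "params": params}
    if code in EXCEPTION_BUGCHECKS:
        # On 64-bit Windows the NTSTATUS is sign-extended; keep the low 32 bits.
        status = params[0] & 0xFFFFFFFF
        result["exception"] = NTSTATUS_NAMES.get(status, hex(status))
        result["fault_address"] = params[1]
    dump = DUMP_RE.search(message)
    if dump:
        result["dump_path"], result["report_id"] = dump.group(1), dump.group(2)
    return result


if __name__ == "__main__":
    for key, value in decode_bugcheck_event(SAMPLE_EVENT).items():
        print(key, "=", value)
    for code in (0x3B, 0x19, 0x24, 0x0A):
        print(hex(code), stop_name(code))
```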
Ambucias
Oct 17, 2012 at 05:14 AM
Hello Ross,
My first study of the log does not show obvious malware but there is a possible W32/Heuristic-210!Eldorado trojan. I wish however to go about this with prudence.
1. I would like you to go to search for this file: pev.exe and tell me what the properties are.
2. I would like you to delete all of the antivirus applications you have recently downloaded except the one you have paid for. More than one antivirus application will cause conflicts, not detect malware or cause false alerts.
3. On your desktop, ZHP Diag created ZHP Fix. Launch ZHP Fix and click on the large X.
4. Copy and paste the following lines which are redundant and obsolete processes or orphean keys:
O4 - HKCU\..\Run: [Mobile Partner] Orphean Key
O4 - HKUS\S-1-5-21-185997528-2593348611-818886502-1003-185997528-2593348611-818886502-1000\..\Run: [Mobile Partner] Orphean Key
O4 - Global Startup: C:\Users\Ross\Desktop\Uni Documents.lnk . (...) -- \\samba.soton.ac.uk\rlh6g10 (.not file.) [MD5.00000000000000000000000000000000] [APT] [{13B1C6CA-32C5-41B4-8DCD-DC7610E9CD8D}] (...) -- C:\Users\Ross\Documents\Computer\Drivers\Intel_Chipset_V9301019_XPWin7\Driver\Chipset\setup.exe (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\55334416.sys . (...) -- C:\Windows\System32\Drivers\55334416.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\55334416.sys . (...) -- C:\Windows\System32\Drivers\55334416.sys (.not file.)
O87 - FAEL: "TCP Query User{8028B400-2AD1-4C0C-BF7F-FD5565809251}D:\easysetupassistant\wr941n\easysetupassistant.exe" |In - Private - P6 - TRUE | .(...) -- D:\easysetupassistant\wr941n\easysetupassistant.exe (.not file.)
O87 - FAEL: "UDP Query User{5692377F-EC23-4C44-95FC-0DA3AAABC78F}D:\easysetupassistant\wr941n\easysetupassistant.exe" |In - Private - P17 - TRUE | .(...) -- D:\easysetupassistant\wr941n\easysetupassistant.exe (.not file.)
5. Click on GO
6. See if you got any improvement. If not, launch ZHP Fix again, copy and paste the following lines:
O44 - LFC:[MD5.FE52E3AB6381CF6CC34D57BD28A6B2E0] - 26/06/2011 - 06:45:56 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.233566D0EE963948D3C4B6C31FD5D64F] - 07/11/2010 - 17:20:24 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O64 - Services: CurCS - 25/06/2010 - C:\Windows\System32\drivers\npf.sys (NPF) .(.CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) - LEGACY
Click on GO
7. Give me feed back
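The two batches of lines in the reply above differ in kind: the first refers to files that no longer exist or to orphaned keys, the second to files and a driver that are present on disk. The following Python is an added example, not part of the original thread or of ZHPDiag, that sorts such lines before they are pasted into a removal tool; the field layout is an assumption inferred only from the lines quoted in that reply, and the function names are hypothetical.

```python
import re

# Lines copied from the reply above. The last line is two O87 entries run
# together without a line break, as they appear in the post.
SAMPLE_LINES = r"""
O4 - HKCU\..\Run: [Mobile Partner] Orphean Key
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\55334416.sys . (...) -- C:\Windows\System32\Drivers\55334416.sys (.not file.)
O44 - LFC:[MD5.FE52E3AB6381CF6CC34D57BD28A6B2E0] - 26/06/2011 - 06:45:56 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O64 - Services: CurCS - 25/06/2010 - C:\Windows\System32\drivers\npf.sys (NPF) .(.CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) - LEGACY
O87 - FAEL: "TCP Query User{8028B400-2AD1-4C0C-BF7F-FD5565809251}D:\easysetupassistant\wr941n\easysetupassistant.exe" |In - Private - P6 - TRUE | .(...) -- D:\easysetupassistant\wr941n\easysetupassistant.exe (.not file.)O87 - FAEL: "UDP Query User{5692377F-EC23-4C44-95FC-0DA3AAABC78F}D:\easysetupassistant\wr941n\easysetupassistant.exe" |In - Private - P17 - TRUE | .(...) -- D:\easysetupassistant\wr941n\easysetupassistant.exe (.not file.)
"""

# Assumed layout, taken from the sample lines only.
FUSED = re.compile(r"(?<=\))(?=O\d+ - )")   # ")" directly followed by a new entry
SECTION = re.compile(r"^(O\d+) - ")
MD5 = re.compile(r"\[MD5\.([0-9A-Fa-f]{32})\]")
SIZE = re.compile(r"\[(\d+)\]\s*$")
WIN_PATH = re.compile(r"[A-Za-z]:\\.+?\.\w{2,4}(?=\s|$)")


def parse_entry(line):
    """Return the fields of one report line, or None if it is not an entry."""
    line = line.strip()
    section = SECTION.match(line)
    if not section:
        return None
    # The target file follows the last " -- " when the line has one.
    path = WIN_PATH.search(line.rsplit(" -- ", 1)[-1])
    md5 = MD5.search(line)
    size = SIZE.search(line)
    if "(.not file.)" in line:
        status = "missing_target"      # reference to a file that is gone
    elif "Orphean Key" in line:
        status = "orphan_key"          # the tool's own label for a dangling key
    elif path:
        status = "existing_file"       # removing this line touches a real file
    else:
        status = "unknown"
    return {
        "section": section.group(1),
        "status": status,
        "path": path.group(0) if path else None,
        "md5": md5.group(1) if md5 else None,
        "size": int(size.group(1)) if size else None,
    }


def parse_report(text):
    """Parse every entry in the text, splitting entries fused onto one line."""
    entries = []
    for raw in text.splitlines():
        for piece in FUSED.split(raw):
            entry = parse_entry(piece)
            if entry:
                entries.append(entry)
    return entries


def needs_review(entries):
    """Entries naming files that exist: check their hash before removal."""
    return [e for e in entries if e["status"] == "existing_file"]


if __name__ == "__main__":
    for e in parse_report(SAMPLE_LINES):
        print(e["section"], e["status"], e["path"], e["md5"])
```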
virushelpme
Oct 17, 2012 at 06:21 AM
Hi again,
1. I have two pev.exe both created 16 October 2012, modified 26 June 2011 and Accessed 16 October 2012 (at slightly different times).
Locations:
C:\Windows
C:\ComboFix
2. I have turned off Windows Defender real-time protection.
I have deleted all other antivirus/malware removal tools.
I have left Kaspersky Anti-Virus 2011 installed and running.
3. Not sure what big X to look for?! I have ZHPFix v1.3.04 and don't see a big X haha. Sorry!
virushelpme
Oct 17, 2012 at 11:34 AM
3. Is it one of the tools on the right side e.g: CTFFix, HOSTFix, HiddenFix etc or am I looking in the wrong place?
Ambucias
Oct 17, 2012 at 04:33 PM
I may be repeating myself but when you installed ZHP Diag, three icons were created on your desktop: ZHP Diag, ZHP Fix and MRB Check.
I meant to use ZHP Fix. Double click it, at the top you will see a large H which stands for helper or hospital or hip hip hip hurrah.
The pev.exe in C:\combofix is probably in a quarantine file.
The pev.exe in C:\windows is the one I am interested in and which is 80% chance of malware. I would like to know everything that is said under the tab "version".
After you have run ZHP Fix, I would like to know if the state of your machine is healthy. Delete the previous ZHP Diag log from your machine and send me a new one for verification and further instructions.
Regards
P.S. Please, don't ha ha, this is serious stuff and I'm driving...entering a tunnel... catch you later
virushelpme
Oct 17, 2012 at 05:11 PM
Hello again Ambucias,
Here is a screenshot of my ZHP Fix v1.3: http://speedy.sh/UrCRd/ZHPFix-v1.3.jpg
This new version does not have a large x ("Launch ZHP Fix and click on the large X.") or a large H ("you will see a large H"). So I'm sorry but I still have not run the programme! I have tried to download an earlier version of ZHPDiag2 so that I could follow your instructions but could not find an earlier release of the program!
Best Regards,
Ross
Ambucias
Oct 17, 2012 at 05:30 PM
There is a bug!
Will get back to you tomorrow morning!
Sorry for the delay.
Ambucias
Oct 19, 2012 at 05:01 AM
The H was removed.
Just paste the lines and click on Go
virushelpme
Oct 19, 2012 at 07:04 AM
Will get back to you with an outcome on Monday.
Cheers
virushelpme
Oct 22, 2012 at 03:31 AM
Ok, I ran ZHP Fix twice (pasting all your lines). The blue screens have gone away (so far) and windows action centre has not found the win32/small.ca virus again after a few restarts.
Here is the latest ZHP diag and ZHP fix report: http://speedy.sh/QgFv5/ZHPDiag.txt
So I think my original problem is fixed, but I've still got no internet.....
Thanks again
Ambucias
Oct 22, 2012 at 05:30 AM
Looks like you sent me the very same log as before. Ensure that all the logs are deleted from the machine before generating a new one.
Sorry
virushelpme
Oct 22, 2012 at 06:27 AM
Here is the new log, sorry about that.
http://speedy.sh/pV2gc/ZHPDiag.txt
Ambucias
Oct 22, 2012 at 04:46 PM
Greetings Ross,
Well I'm happy to report that your system is virus free, as clean as a whistle.
There are however some redundant processes that are running which you can delete or stop using ZHP Fix. They are:
[MD5.00000000000000000000000000000000] [APT] [{13B1C6CA-32C5-41B4-8DCD-DC7610E9CD8D}] (...) -- C:\Users\Ross\Documents\Computer\Drivers\Intel_Chipset_V9301019_XPWin7\Driver\Chipset\setup.exe (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\55334416.sys . (...) -- C:\Windows\System32\Drivers\55334416.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\55334416.sys . (...) -- C:\Windows\System32\Drivers\55334416.sys (.not file.)
O87 - FAEL: "TCP Query User{8028B400-2AD1-4C0C-BF7F-FD5565809251}D:\easysetupassistant\wr941n\easysetupassistant.exe" |In - Private - P6 - TRUE | .(...) -- D:\easysetupassistant\wr941n\easysetupassistant.exe (.not file.)
O87 - FAEL: "UDP Query User{5692377F-EC23-4C44-95FC-0DA3AAABC78F}D:\easysetupassistant\wr941n\easysetupassistant.exe" |In - Private - P17 - TRUE | .(...) -- D:\easysetupassistant\wr941
Now, you mention that you do not have Internet. I am not an Internet connection or configuration expert but a virus security contributor.
Nonetheless, I don't know what kind of Internet connection you privilege. I have noted a few items which may ring bells to you or guide you to restore it.
1. You are using a proxy. (You can stop the use of a proxy in your Internet settings)
2. Seems that you have installed Wifi.
3. Google Chrome often creates connection problems
4. Your Internet Explorer control panel has been deactivated.
Please delete Eset Online scanner as well as any other antivirus applications you may have installed except your Kaspersky which is an excellent antivirus suite. (None are 100% proof)
Let me know about your internet connection. I am keeping your log on file for 3 days, in case you need my help again.
Cheerio! Chin up! See you in Tipperary!
virushelpme
Oct 23, 2012 at 04:33 AM
All fixed! Victory! Thanks a lot for your time and help.
Ambucias
Oct 23, 2012 at 04:45 AM
The pleasure was all mine.
Oct 18, 2012 at 08:19 AM
The pev.exe in C:\Windows has no previous versions.
Oct 18, 2012 at 03:40 PM