Matt

*Matt notes that Jeff is a high school student bah Liz! I just got these pants out of the drier! I think I lost a contact lense in the pool

*Matt uses Steamhead as a human shield Darn you all! I can't even prepare lockers for Steamhead-stuffing, and I get ambushed!

Already working on it Jeff! The kind that don't open from the inside! Anyway! Hey Steam! You're FINALLY getting into the swing of BT! I hope you become an active part of the community! The people here don't bite, hard. Watch out for Macmarauder's toys Gotta do more than HJT logs every once in a while! hehe Have fun Steamhead, and a belated welcome to BestTechie! Matt

hehe good idea Jeff

You can't kill the process, because once killed, it automatically regenerates. Since the file is in use, the process needs to be suspended, and the file deletion needs to be delayed until reboot.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, open the S

Hi and welcome to Besttechie! I will be assisting you! Please print out all directions given, for use if/when you cannot access this page. Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Inactive topic... If you still need help on this problem, contact me or one of the Moderators to re-open this up. Topic closed.

Inactive topic... If you still need help on this problem, contact me or one of the Moderators to re-open this up. Topic closed.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Thanks shane, the quotes did it!

ok.. why does this tell me the syntax is incorrect? copy c:\test.txt %userprofile%\desktop\ Matt

Congrats isteve on your promotion to Mac Expert! Well deserved!

Hey Metallica, haven't seen you around these parts lately! Looks like you got my PM at GTG Thanks for the info! Matt

does python have the ability to create reg files? If so, you could have it create a reg file, merge it with the registry, then delete the reg file. That's how EpolvyFix works. Matt

Great news! That little typo was what it needed! With a little more testing, Ill post the source soon! Thanks again TT and shanenin for all your assistance and involved interest! Matt

Congrats! Your computer is clean! How is your system running? The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Firefox- Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize sectio

Hi shane. Ok this is weird. You are doing the exact same method as myself, but yours is working, mine is not. That either means: 1. I worte the batch incorrectly 2. It doesn't work all the time. We are currently testing again with an edited batch. If I can figure out what I wrote incorrectly, do You know of a way to do this in batch? I must admit, I was very very surprised when you posted back successful results. I did find a typo in one of my directory lines, which probably accounted for our failiers. Ill let you know the test results in a moment.. If I am unable to figure it out, I

Sent to your yahoo account. Put it in System32

you need process.exe for it to work, I can send it to you if youd like

I include the file process.exe with the batch file. What this process.exe does is adds the ability to the command prompt the execute process actions. For example, process -s wordpad.exe would suspend the wordpad process. Matt

I'm working on a tool (now with Jeff and Steamhead aswell) that removes the Epolvy Trojan. Information can be found here on what we've tried, which we now know doesn't work. More testing tonight though!

Actually shane, this tool is more of a learning experience for myself. As you saw, this trojan can be easily removed with SpySweeper. Ewido will also get it, and yes, AdAware with the VX2 plugin also get it. I'm just doing this to understand how the infection works, and what methods are done (whether by scan or manually) to remove it.