I removed Au_.exe from registry...I did a restore...still could not get firewall or AV up... Did uninstall of firewall and AV...every thing is back-up right now... I take that back...AV is NOW...NO WHERE TO BE SEEN...AAAHHHH...going to pop a blood vessel.. Time to take a deep breath... I did restart after reinstalling firewall...did not do a restart after AV reinstall...I am thinking I should do another restart to lock in AV...AV is still there now...What do you think?.. Earlier AV just disappeared from start-up tray...it showed still active when I clicked desktop Icon...but was not in start-up tray... I am running Avira and Comodo...
If you can't get AV to install you could trying installing one in Safe Mode. If you have a Flash Drive handy I would recommend installing ClamWin to it. I would recommend you go into Safe Mode and scan your entire computer (all your hard drives if you have more then one) with ClamWin and you could delete what it finds. If you don't have a Flash Drive you could try installing an AV in Windows and then running it in Safe Mode after you have updated the definitions. ClamWin does not have a real-time scan engine but once you get your system cleaned you can install one with a real-time engine if you wish. Do you have any AV program on a CD/DVD? EDIT: Arrg, I forgot about how the site takes over specific words and re-routes them to Softpedia or the Glossary. You can pick up a Flash-capable copy of ClamWin here.
download, update & run in this order. ccleaner http://www.ccleaner.com/ cwshredder http://www.intermute.com/products/cwshredder.html avg free edition http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-virus-free ad-aware se http://www.download.com/Ad-Aware-SE...045910.html?part=dl-ad-aware&subj=dl&tag=top5 spybot s&d http://www.majorgeeks.com/download2471.html online virus & spyware scan http://housecall60.trendmicro.com/en/start_corp.asp
AV is still up... Au_.exe is a trojan... Still have not done restart after AV reinstall... I think I will restart to lock in AV...What do you think?.. And Yes...I have a flash drive... I have ccleaner...Adaware...and Spybot...have not ran them yet... I did do a sweep of my operating drive with AVIRA...it did not find any thing...
Good points ddp. If you have an AV program up then you should be ok without using ClamWin. If you want you can try running it off a flash drive. The Portable version (can run entirely off a flash drive) is available here. However, run those things ddp said. If you cant get them to run (or if they freeze while running) then make sure they are up-to-date and run them (in the order ddp said) in Safe Mode.
Just Downloaded them in Safe Mode with Networking...going to install them...then do a restart in Safe Mode only...then run them... Do I need to uninstall Avira AV before I install AVG...I am assuming so...
Yes, I would uninstall Avira first. After you uninstall Avira I would reboot again then install AVG. I am going to bed now as its 1 am here. I will try and help you more when I get up tomorrow if you need it.
Had to give deposition today... Things seem fine now...maybe AV disappearing was due to non restart... Down loaded everything in Safe Mode with networking...in order...Ran in Safe Mode nothing detected...Have not had time to run them in order again in normal start up...will do... Will watch closely... @ddp Dr1 photos up in profile...
Something new I am seeing on above computer... Is open office part of the preview option in AD posts?.. When ever I preview...Komodo is warning me about a supposed open office program that is wanting to connect to internet...when I deny it permission...it prevents me from making post...or connecting to internet until I open a new browser...First time this has happened... This is the Komodo warning I am getting...
You might want to run a virus scan, just on that file, but everything checks out correctly from what I can see. IP:70.85.60.100 Port:http(80)-TCP is an AfterDawn server. soffice.bin is just part of Open Office and is in the proper directory so it should be ok. You could upload soffice.bin to http://virusscan.jotti.org/ which scans it with 15 different AntiVirus applications that are updated hourly. I don't use Open Office but it seems strange that you can't post without allowing it.
Right now I am on one of my other computers...it has open office...it has Norton...not Komodo...never had to allow open office access to make a post... Never had to before the Au_.exe incident...on the old system...to my knowledge...don't fully trust old system yet...
Huh, thats weird. I am not sure what to tell you as I don't have a personal firewall or use a Real-Time AV engine. It is possible that a program could be "piggybacking" on soffice.bin but it sounds unlikely. If I dig anything up I will let you know. Peace