JjJames

Hi everyone, and merry xmas to you all. offcourse i am willing to wait. I know i havent had an answer yet, but if they are working on it, it might offcourse take a while before they find something. when i first posted here, typing "curepcsolutions" in google gave 2 pages of results, now, it finds 11 pages. so it is defently spreading, and maybe someone will find some way to decrypt the files. so i'll keep them on backup for now. Thanks for the help so far, and i wish you a happy start to the new year. (and may it be malware free ) JjJames

Nope havent received anything from them. i sent them a mail with the file, and an explenation of the problem. I still have some of the infected files, but offcourse they are still useless. No more problems with the pc, but i havent had problems with it since i deleted that dll and some reg keys.

Hi, you're right, I tried in too on my old pc, and indeed, although it also recognises the files it changed. and i'm mailing Dr.web right now I'll post any reply they give here. JjJames

I'll keep looking on the net. Since it seems pretty new, maybe some more cases will show up. This is the adress they give: Something tells me the adress wont be correct Thx, JjJames

Hi, Thx a milion for searching. Unfortunatly i have already tried Spyware doctor, but it didnt recover my files. And again, unfortunatly, i have already deleted the dll. I did this to stop the annoying popup, tis was before i found out my files were changed. But, maybe the dll file of one of the other victims of the adware here can help, they have a different name but since they do the same thing, maybe they are the same dll's, just with a different name. And about the other pc, i'll give it a try tomorrow, i have to install windows on it. afterwards I'm also going to try with the CurePCsolutions software(on that old pc). there is nothing on that pc, so it doest have anyting to break.

Oke, thanks for looking. I think that its a new adware/virus. because everything i can find via Google, is posts about the same problem, and all this month. So maybe some antivirus company wil come with a fix or something. <crosses fingers> And if not, then i'll just have to retype/remake the documents. And this is yet another wake up call for me to take backups more often. Luckely i didnt forget to backup my most important files (Bachelor thesis files), because the adware/virus also changed the original files. JjJames

Hi The files are the same size they were before they were renamed. For example an Xvid episode xxxxxxx.avi that was 350mb, is now still 350mb. But when i rename it back to .avi i can no longer play it. Not even in a program like avipreview (which can play incomplete, corrupt, avi files. So i think, that the file had been completely encoded or something. They all used to have the same icon, an when i opened them, it would open the eror message "possible virus warning" and then go to the CurePCsolutions site. But now that i have deleted the .dll file, they no longer have an icon, and it just says that i have "no acces to the file" This is a screenshot from the CurePCsolutions site, about the files that were renamed. (i dont want to post the link, because of the risc of infections) EDIT: The problem is, that the other files are 350MB, and that is a lot to upload EDIT2: just tried one of those avi files, it also says 0 bytes, but on my pc it is 350mb EDIT3: I renamed the file that was lijstduits.doc.exe back to .doc, and now it says File size: 43008 bytes MD5: f04fd1821ae0fd1ae871dbc3a27058c5 SHA1: 754030b18b33ae2482c6eaf399d81cfd94abf90b AND DrWeb 4.33 12.16.2006 Trojan.Encoder.10 Norman 5.80.02 12.15.2006 W32/Cups.A Panda 9.0.0.4 12.16.2006 Adware/SpySheriff

Always says "no virus found" and File size: 0 bytes MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 is it normal that the file size says 0 bytes? because the file is a few kb large. And when i open "my documents" avg antivirus gives me a warning "warning hidden extension .exe" Thx by the way for the help sofar

Avg found nothing. --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 18:38:10 16/12/2006 + Scan result: Nothing found. ::Report end

smitfraudfix log SmitFraudFix v2.130 Scan done at 17:42:14,98, za 16/12/2006 Run from E:\Documents and Settings\Frederick\Bureaublad\SmitfraudFix OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» E:\ »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Frederick »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Frederick\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\FREDER~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Mijn huidige introductiepagina" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{947254B5-96F3-4A9D-FF34-8466477D897C}"="Printer driver" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

uninstall list µTorrent Ad-Aware SE Personal Adobe Bridge 1.0 Adobe Common File Installer Adobe Download Manager 2.0 (alleen verwijderen) Adobe Flash Player 9 ActiveX Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader 7.0.8 - Nederlands Adobe Stock Photos 1.0 Apple Software Update Ares 1.9.0 AVG Free Edition Battlefield 2 BfSV 0.85 Cisco Systems VPN Client 4.8.01.0300 Combined Community Codec Pack 2006-07-28 (Remove Only) EVEREST Home Edition v2.20 GTA San Andreas HijackThis 1.99.1 Hotfix for Windows XP (KB909394) Image Resizer Powertoy for Windows XP Indeo® Software Microsoft .NET Framework 1.1 Microsoft ActiveSync 4.0 Microsoft Office FrontPage 2003 Microsoft Office Professional Editie 2003 Mozilla Firefox (1.5.0. Nero 7 Demo NVIDIA Drivers NvMixer PeerGuardian 2.0 QuickTime SAS Learning Edition 2.0 SolidConverterPDF Telemeter 3.5f VideoLAN VLC media player 0.8.5 Winamp (remove only) Windows Live Messenger Windows Media Format Runtime Windows Media Player 10 Windows Media Player 10 Hotfix - KB894476 WinRAR Xfire (remove only) Fresh Hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 17:24:25, on 16/12/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\System32\brsvc01a.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\System32\brss01a.exe E:\WINDOWS\Explorer.EXE E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe E:\Program Files\Microsoft ActiveSync\wcescomm.exe E:\PROGRA~1\MICROS~2\rapimgr.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe E:\WINDOWS\System32\nvsvc32.exe E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe E:\Program Files\MSN Messenger\msnmsgr.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Telemeter 3.0\Telemeter3.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [NVMixerTray] "E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102 O17 - HKLM\System\CCS\Services\Tcpip\..\{8804FB52-7789-47B8-9A11-0B689603007D}: NameServer = 198.231.24.102 O17 - HKLM\System\CCS\Services\Tcpip\..\{9C3C5C1B-CE75-4A8C-9291-96D12B200435}: NameServer = 198.231.24.102 O17 - HKLM\System\CCS\Services\Tcpip\..\{D11A5074-21F9-4863-A76F-E0CB00718422}: NameServer = 198.231.24.102 O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C19F45-0E93-45CC-8C80-CD6C64B4FE6D}: NameServer = 198.231.24.102 O17 - HKLM\System\CS1\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102 O17 - HKLM\System\CS2\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe I have no more problems with that "black.mht" page, ever since i deleted the dll. But the files are still names .exe, and i cant change them. Maybe i schould not have deleted the .dll file?

hello, Some spyware changed about 3GB of files into .exe, and simply renaming it doesnt help. i had the same problem as discribed here: http://forum.zebulon.fr/index.php?showtopic=111010&st=0 Here is the hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 16:44:51, on 16/12/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\System32\brsvc01a.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\System32\brss01a.exe E:\WINDOWS\Explorer.EXE E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe E:\Program Files\Microsoft ActiveSync\wcescomm.exe E:\PROGRA~1\MICROS~2\rapimgr.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe E:\WINDOWS\System32\nvsvc32.exe E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe E:\Program Files\MSN Messenger\msnmsgr.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = E:\WINDOWS\blank.mht R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = E:\WINDOWS\blank.mht R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = E:\WINDOWS\blank.mht R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: E:\WINDOWS\System32\1A9BDAF.dll - {947254B5-96F3-4A9D-FF34-8466477D897C} - E:\WINDOWS\System32\1A9BDAF.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [NVMixerTray] "E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102 O17 - HKLM\System\CCS\Services\Tcpip\..\{8804FB52-7789-47B8-9A11-0B689603007D}: NameServer = 198.231.24.102 O17 - HKLM\System\CCS\Services\Tcpip\..\{9C3C5C1B-CE75-4A8C-9291-96D12B200435}: NameServer = 198.231.24.102 O17 - HKLM\System\CCS\Services\Tcpip\..\{D11A5074-21F9-4863-A76F-E0CB00718422}: NameServer = 198.231.24.102 O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C19F45-0E93-45CC-8C80-CD6C64B4FE6D}: NameServer = 198.231.24.102 O17 - HKLM\System\CS1\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102 O17 - HKLM\System\CS2\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

Hi, thats why i was thinking about installing it on an old pc, i know its a false antipyware program, but maybe it can recover the files it killed. But i'll open an other topic with my log.

Non je suis desole, mais je pense que je n'ai rien dit, que peut t'aider. Je vais essayer en francais. J'ai expliquer que j'ai le même probleme que vous. Donc, le changement des fichiers en xls.exe, avi.exe, etc... et la probleme de la page "blank.mht" en Internet Explorer. J'ai trouver un .dll (1A9BDAF.dll) dans c:/windows/system32 (c'etait cache), c'est come le F9428.ddl de vous. J'ai changer le nom ce dll en "xxx1A9BDAF.dll" et apres que j'ai fait ca, j'ai effacer "black.mht" dans c:/windows/. J'ai changer mon page d'accueil, et maintenant, je n'ai plus de problemes avec ca. Mais je vous conseille de ne pas faire ca, mais de attendre une reponse ici, parce-que je ne suis pas un specialiste. Mais la probleme de mes fichiers reste (presque 3Gb) . Et je ne sait pas, ci je peut les reparer. voila, j'espère que tu comprends. JjJames

~~ edit by ipl_001: this discussion was split from http://forum.zebulon.fr/index.php?showtopic=111010 Hi, sorry but my french is not good enough to talk about this virus so i'll try it in english. I have had the same problem a mentioned above. only problem is that some important school files, movie files etc. have been renamed with the .exe. and every time i opened IE6, i got a page called "blank.mht" I had already found out that the file "1A9BDAF.dll" in my system32 file was causing most of this, so i renamed it to "xxxx1A9BDAF.dll". (it was hidden, i found it by arranging all files by the the date they were last changed, and that was the only file that was changed that day) and that was a succes. no more blank.mht, no more error messages when using shift of crtl. So that .dll file seems te cause most of that. after i rebooted, i could just delete the dll file. The only problem still remaining is if it is possibble to reconvert the changed .exe to their original files. I have about 3Gb of files that now have .exe extension. Do you think it is possible? I am thinking, about installing the CorePCsolutions software on an old pc, and then try if i can convert them back with their software. Merci beaucoup par avance JjJames ps: This seems to be a pretty new virus/spyware, not a lot about it on the internet, and the things you do find, are from this month