I apologise for my lack of knowledge when it comes to all of this.

I've never really experienced much hassle when it comes to my PC. It's usually always clean, virus-free, etc. Daily scans and everything.

Not sure what could have done it this time.

I'm just hoping I don't need a clean Windows Install / format.

Link to post
I know I can never explain the whys and what happened; the internet is full of that, but I did want to help.

I'm not a computer whiz either so I apologise for my lack of knowledge too.

Link to post

Avast never picked anything up.

ESET is still going, looks like about 1% left. It's taking forever for this last 5%.

So far it's found 4 infected files.


Win32/OpenCandy application

Win32/Somoto.E application

multiple threats

Win32/OpenCandy application


That's what it's saying so far.

Looks like this thing is spreading? :(

Link to post

OK, ESET just finished. This is what I got in the log file:


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=8af115d730c5d24e962f271a247b43ed
# engine=15643
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-26 02:16:08
# local_time=2013-10-27 01:16:08 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 134430418 0 0
# scanned=365189
# found=4
# cleaned=0
# scan_time=9306
sh=A5F6640AEC86D886FC7787CA04446DDBB59F1C9E ft=1 fh=755d50e842f97319 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Rik\Downloads\avc-free.exe"
sh=C2CEFDC13CA3B076D3BE597715F4B4F2E7492542 ft=1 fh=7822ecf0207097f6 vn="multiple threats" ac=I fn="C:\Users\Rik\Downloads\LimeWireWin.exe"
sh=8C49FBCB3F13B71B76E2A7AA800F6F585B1B3A50 ft=1 fh=7453b3f710723308 vn="Win32/Somoto.E application" ac=I fn="C:\Users\Rik\Downloads\spotydl_setup.exe"
sh=FAC48F2EA26336E645A33E3A41CF9B6BF7FE7626 ft=1 fh=97e4c4c442ff2a92 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Rik\Downloads\FL 9.1\FL91.exe"
Link to post

Those ones weren't located by ESET earlier today, but I also didn't have all of the options selected in Advanced.


Edit: I tried LGKC - no luck. Still getting the same errors.


I even get them when I right click on my Volume option on the bottom tool bar and click 'Playback Devices'. It says:


"control.exe - Bad Image

C:\Windows\System32\sfc_os.DLL is not.." etc.


I'm guessing I may have deleted a Windows file today when getting rid of the trojans..

Edited by Gotshadow
Link to post

Hi Joe



Win32/OpenCandy is an adware program that might be bundled with other installers. <-- not your biggest problem if indeed adware

The file was probably betterinstaller.exe. Delete the file if found and if it will allow you. Some toolbar crap from Somoto.

multiple threats" ac=I fn="C:\Users\Rik\Downloads\LimeWireWin.exe"

C:\Users\Rik\Downloads\spotydl_setup.exe <-- is infected

C:\Users\Rik\Downloads\FL 9.1\FL91.exe <-- did you download a cracked copy?

Link to post

I'm trying to put Windows 7 on a USB because I don't have the disc from when I bought the computer. So the only way I can boot is from USB as I have no discs.

But I'm getting the usual error so I don't think I can complete the iso to usb transfer. >.<

Link to post

The system is working (seemingly) faster, but I'm still getting this error every time I open most programs. I'm trying to burn this Windows 7 to usb to repair the system files suggested by Joe. Thanks for your help Juliet.

Of course.
Link to post

You can download the Windows 7 .iso file of your choice here and burn to dvd > http://forums.mydigitallife.info/threads/14709-Windows-7-Digital-River-direct-links-Multiple-Languages-X86-amp-X64/page60 then you can run a repair install as described here > http://www.sevenforums.com/tutorials/3413-repair-install.html






Link to post

caintry - thanks for your reply.


I'm just completing the repair now, looks like the error I was getting from programs might have ceased.


The only one I could make happen on cue was when I right clicked on my volume control in the toolbar and clicked Playback Devices - and I'm not getting the error when I do this now.


Framework is still doing its thing at the moment, once that's finished I'll restart the computer and see what happens. Fingers crossed!

Link to post

lol.....don't touch anything!

I think you're fine, if not things would be acting up and you'd get that gut feeling.


Don't download/run keygens or cracks. Most are infected by some kind of malware. At worst -- system could be destroyed & personal info such as credit card numbers/bank passwords stolen.

At this point it would be a good idea to change passwords if you do online shopping or online banking but not from this computer....go to a known clean computer to do this.


Let's get you some layered protection on here.


Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.


WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop

Backup regularly


You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.


Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Link to post