win32.Bettinet.AW / thnall1ac.exe : I has got me!!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

boutros

Thread Starter
Joined
Oct 23, 2004
Messages
20
Hello All,

was working on a sys for a local company. Ca EZ trust starts throwing up virus alerts for thnall1ac.exe / win32.Bettinet.AW. Appears to be related to something called "a better internet". It was spawning 1 process running at boot from win\system32\. When i try to kill the process it re=spawns with a different jumble of letters .exe
The virus alert shows it residing at "user"\localsettings\temp and temp internet files

CA EZ trustAV ( latest version and updates) was run and although it alerted to the problem it didn't not find the worm/virus/trojan. Also ran pest patrol, adawarese/spybot/ewido. Ewido "found" it in memory and on the HD and removes it then on reboot there it is again. I have search all over the net and found no info on it. Is it new?
No virus def yet?

Ran sysinternals process explorer, see that the process is running in sys32 again, then booted to linux live cd and volkav commander/ntfs. Looked in the temp folders and system32, for the numerous names that this item called itself and there is nothing there to delete? It is there running but i can't find the thing anwhere.

For an obsessive person this kind of thing drives my insane. I usually am very good at cleaning systems from this sort of thing but this one has got me!

I would appreciate any ideas. I do not have the system here with me right now. But i will go get it again and conquer this dirty son of a gun, with your help!!!:)

thanks so much,
Boutros
 

gjw

Joined
Nov 14, 2004
Messages
192
hi Boutros,


here are some links off this site regarding betterinternet.


http://forums.techguy.org/t231619&highlight=betterinternet.html



http://forums.techguy.org/t223693&highlight=betterinternet.html

load hjt from below install to a folder on main drive.

http://www.majorgeeks.com/download3155.html

run hjt and paste the log in your reply.

some other goodies,

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html * NEW *
AdAware SE 1.06 http://www.majorgeeks.com/download506.html - * NEW *

DL them (they are free), install them, check each for their
definition updates and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

post hjt log
 
Joined
Jul 26, 2002
Messages
46,349
Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

boutros

Thread Starter
Joined
Oct 23, 2004
Messages
20
thanks guys,

it will be tues. before i will have access to the system again. But i will do it then and post the results.

Once again thanks for your offers of help, you guys have a good weekend. Off to read the posts mentioned above.

peace,
boutros
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top