ClamWin Free Antivirus
Support and Discussion Forums
Hacktool
olylance


Joined: 11 Dec 2008
Posts: 0
Location: Olympia WA
I have just removed an ugly Trojan (Trojan.Killproc-1) from my computer with the help of CW and Dr. Web's free site cure. Yayyy!!!
But I still have a buggerboo: Two "Hacktools" that just won't go away.
The file path shows up like this in my CW report: c:\AAWork\$OEM$\$OEM$.exe: Hacktool.Blackout-2.
I've done a lot of research and stuff and the only thing I have come up with is an $OEM$ removal page. Here it is:

$OEM$ REMOVAL

Step 1: Use Windows File Search Tool to Find OEM.exe Path

1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the file name" section, type in "OEM.exe" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "OEM.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete OEM.exe in the following manual removal steps.

Step 2: Use Windows Task Manager to Remove OEM.exe Processes

1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "OEM.exe" process by name.
3. Select the "OEM.exe" process and click on the "End Process" button to kill it.

Step 3: Detect and Delete Other OEM.exe Files

1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for, type in del "name_of_the_file".
5. To delete a file in a folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "OEM.exe" process and click on the "End Process" button to kill it.

I'm not sure this is the thing to do. I'm sure you can remove other files/folders this way also. Before I do it I would appreciate some input.
Thank you Olylance
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
That sounds like a lot of work. Can't you remove the file/folder which is responsible for the process by setting ClamWin's Infected File preference to Remove or Quarantine? If you can't, then you might leave the preference set at Remove or Quarantine, boot Windows into Safe Mode (F8), and run a scan. If you know the location of the OEM thingee, go to the file/folder and do a scan--otherwise a full hard drive scan will do, but it will take a long time. ClamWin goes back to default preferences in Safe Mode.

Malwarebytes' Anti-Malware program can remove a lot of stuff and its traces. You might go to their web site and download the free version, which is as good as the paid version but doesn't have a real-time scanner--it only scans on demand, like ClamWin.

The ClamWin Anti-Malware page also has some helpful references.

Regards,
RE:HACKTOOL
olylance


Joined: 11 Dec 2008
Posts: 0
Location: Olympia WA
TY GUITAR BOB, I'LL TRY WHAT U SUGGEST AND LET U KNOW WHAT HAPPENS.
ALSO THERE'S ANOTHER BUGABOO, LOL, I FORGOT TO MENTION: "C:AAWork\SciTE\SciTE.exe: Worm.Autorun-1793" in the report
RE:HACKTOOL (again)
olylance


Joined: 11 Dec 2008
Posts: 0
Location: Olympia WA
OK, I got CW to quarantine the thingies. I'll wait and see what my next scan says and also how my puter works in the "script" dept. You seem to be one of the few on here who knows what they are doing and is willing to take the time to do so. Thanks a bunch.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
There are some very knowledgeable people posting in the ClamWin forums. Unfortunately, they can't be around all the time, so I try to help when I can.

If you are sure you have a virus (check it out first), you can use the quarantine option to remove it. I would rather do that than just remove it. I like to keep the option at report only--that way, if you do get a false positive, you haven't lost the program. I once had a false positive in an important Windows file. I had ClamWin set to quarantine, and I lost access to my Windows operating system--took me a couple of days to get things back like they were. Since then, I use report only until I have checked out a file on Jotti or VirusTotal. I will then temporarily set ClamWin to quarantine and do a scan and let it quarantine the file--unless the infected file is an important Windows file. You can replace an infected Windows file. The free Cureit cleaning program from Dr. Web is pretty good, and it can often clean a file for you. It's handy to keep around on your desktop--you don't have to install it--just download it to your desktop and run it every so often or when you get an infection. You should check a file with Jotti or VirusTotal, and if it is infected and you don't want to bother re-setting ClamWin from report to quarantine, run Cureit first and see if it can take care of the file for you. It is updated every couple of days and will tell you if it needs updating when you run it.

Regards,
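The report-only workflow GuitarBob describes above (check each flagged file on Jotti or VirusTotal before quarantining, and handle Windows files differently) can be sketched as a small triage script. This is an added example, not part of the original posts or of ClamWin; it assumes clamscan-style `path: Signature FOUND` report lines, and the function names, the sample report and the `Example.FalsePositive-1` entry are constructed.

```python
import hashlib
import ntpath
import re

# clamscan-style detection line, "<path>: <signature> FOUND" (assumed format).
DETECTION = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")
# Constructed sample report; the first two paths are the ones quoted in the thread.
SAMPLE_REPORT = r"""
c:\AAWork\$OEM$\$OEM$.exe: Hacktool.Blackout-2 FOUND
C:\AAWork\SciTE\SciTE.exe: Worm.Autorun-1793 FOUND
C:\AAWork\notes.txt: OK
C:\WINDOWS\system32\example.dll: Example.FalsePositive-1 FOUND
Infected files: 3
"""


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks; return None if it is missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            digest = hashlib.sha256()
            for block in iter(lambda: fh.read(chunk), b""):
                digest.update(block)
            return digest.hexdigest()
    except OSError:
        return None


def triage(report_text, system_root=r"C:\Windows"):
    """Return one record per detection, flagging files under system_root."""
    root = ntpath.normcase(ntpath.normpath(system_root)) + "\\"
    findings = []
    for line in report_text.splitlines():
        match = DETECTION.match(line.strip())
        if not match:
            continue  # "OK" lines, errors and summary lines are not detections
        in_system = ntpath.normcase(ntpath.normpath(match["path"])).startswith(root)
        findings.append({
            "path": match["path"],
            "signature": match["sig"],
            "sha256": sha256_of(match["path"]),  # hash to look up before acting
            "action": "verify, then replace" if in_system else "verify, then quarantine",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```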
Ditto
olylance


Joined: 11 Dec 2008
Posts: 0
Location: Olympia WA
What you just outlined is what I'm doing now. I have Cureit installed and use it in conjunction with CW and VT. Everything seems to be fine.....so far
Theoracle117


Joined: 18 Sep 2008
Posts: 0
Location: san diego
In the case of a single file like that I use FileAssassin, made by the same people who made Malwarebytes.