MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
  Show Posts
1  Internet & Network Support / Security & Viruses / Re: please help with computer problem! (Hijackthis report inside) on: March 24, 2006, 06:41:55 PM
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *





  • Download and run - bfu.zip
  • Checkmark the following boxes:
    • Use settings specified in script for the above option
    • Show log after script ends
  • Click the Web button located on the top right corner
  • Copy/Paste this url into the address bar of the Download script window:
  • Execute the script by clicking the Execute button.
  • When it finishes running, click the Save button for a copy of the log
  • Post the log created by the script when you have completed the fix


    * * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


    Download & install CleanUp.exe (not recommended for WinXP64)

    Download and install Ewido Security Suite
    • When installing, under "Additional Options",
      • uncheck - Install background guard
      • Have Ewido update itself & then exit the program.
      If you are having problems with the updater, you can use this link to manually update Ewido

      It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


      * * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


      Click Start -> Run - type SERVICES.MSC & then click on the OK button
      • Locate the service - Command Service (cmdService)  
      • Double-click on it to open the Properties dialog.
      -  Change the Startup type to Disabled & then click on the Apply button
      -  Stop the service by using the Stop button.
      • Then start HiJackThis & go to Config... -> Misc.Tools -> Delete an NT service
      • In the popup box that appears, copy/paste  cmdService
      • Click on the OK button & answer No if prompted to reboot

      * * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


      Do a HijackThis scan & place a check next to these items and select "Fix checked":

       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
      O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
      O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
      O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
      O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
      O4 - HKLM\..\Run: [winlog] winlog.exe
      O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
      O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
      O4 - HKLM\..\Run: [ms04593238069] C:\WINDOWS\ms04593238069.exe
      O4 - HKLM\..\Run: [Ryvoqlbi] C:\Program Files\Ysfn\Hzbyo.exe
      O4 - HKLM\..\Run: [sys01069593238] C:\WINDOWS\sys01069593238.exe
      O4 - HKLM\..\RunServices: [winlog] winlog.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
       


      * * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


      1. Restart your computer
      2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
      3. Instead of Windows loading as normal, a menu should appear
      4. Select the option to run Windows in Safe Mode.


      * * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


      Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

      Internet Optimizer
      Toolbar888
      Command


      Please note any other programs that you don't recognize in that list in your next response


      * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


      If you have not done so already, please enable the viewing of Hidden files
      From Windows Explorer, go to Tools -> Folder Options -> View tab.
      • Tick - 'Show hidden files and folder'
      • Untick - 'Hide file extensions for known types'
      • Untick - 'Hide protected operating system files'
      • Click Yes to confirm & then click OK
      Locate and delete the following files/folders: (let me know if you fail to find/delete any)

      C:\mousepad1.exe
      C:\WINDOWS\nem220.dll
      C:\keyboard1.exe
      C:\WINDOWS\SYSC00.exe
      C:\WINDOWS\ms04593238069.exe
      C:\WINDOWS\sys01069593238.exe
      C:\WINDOWS\VGhlIEplZGkgTWFzdGVy\
      C:\Program Files\Ysfn\
      C:\Program Files\Internet Optimizer\
      C:\Program Files\Toolbar888



      * * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


      Run Cleanup! using the following configuration:

      1. Click Options...
      2. Set the slider initially to Standard CleanUp!
      3. Uncheck the following:
      • Delete Newsgroup cache
      • Delete Newsgroup Subscriptions
      • Scan local drives for temporary files
      4. Click OK
      5. Press the CleanUp! button to start the program.
      6. Do NOT reboot/logoff if prompted.

      * CleanUp! will not create any backups!!


      * * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *


      Run Ewido with its updated definitions: (...it's important that all windows must be closed)
      • Click Scanner
      • Click Complete System Scan to begin scanning.
      • Click OK when prompted to clean files
      With the first file it prompts to clean, select the option:
      • "Perform action on all infections"
      • Choose clean and click OK.
      Once finished, click the Save report button & save the report to your desktop

      ** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


      * * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


      Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

      Answer Yes, when prompted to install an ActiveX component.
      • The program will then begin downloading the latest definition files.
      • Once the files have been downloaded click on NEXT
      • Locate the Scan Settings button & configure to:
        • Scan using the following Anti-Virus database:
        • Extended
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
        • Click OK & have it scan My Computer
        • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
        • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
        * Turn off the real time scanner of any existing antivirus program while performing the online scan


        * * * * * * CHECK LIST  * * * * * * * * * * * * * * * * * * * * *


        In your next post, please include fresh logs from:

        • HiJackThis log
        • Bfu's log
        • Online Scan
        • Ewido   
           
        Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
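As an added worked example (not part of the post above or of HijackThis itself), here is a small Python triage script for the HijackThis entry formats quoted on this page. It parses the O2/O3, O4 and O23 lines and flags the traits these fixes keep targeting; one detail worth knowing is that the folder names C:\WINDOWS\VGhlIEplZGkgTWFzdGVy (from the delete list above) and C:\WINDOWS\UmVpbmEA (from the O23 line quoted later on this page) are valid base64 and decode to "The Jedi Master" and "Reina", which a check for base64-shaped directory names picks up. The flag names and heuristics are my own choices, not anything the post defines.

```python
"""Triage helper for the HijackThis entry formats quoted above.

Parses O2/O3 (BHO and toolbar), O4 (Run keys) and O23 (service) lines and
flags the traits the fixes on this page keep pointing at: executables sitting
in the drive root, doubled path separators, long digit runs in file names,
folders whose names are base64 text, and entries whose file is already gone.
Flags are review hints for a person reading the log, not a verdict.
"""
import base64
import re
from typing import Dict, List, Optional

# Lines copied from the HijackThis output quoted in this post and later posts on the page.
SAMPLE_LOG = r"""
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms04593238069] C:\WINDOWS\ms04593238069.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmVpbmEA\command.exe (file missing)
"""

RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O2 = re.compile(r"^O(?P<type>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) \((?P<short>[^)]*)\) - (?P<owner>.*?) - (?P<path>.*)$")
RE_EXE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd))\b', re.IGNORECASE)
RE_DRIVE = re.compile(r"^[A-Za-z]:$")
RE_DIGIT_RUN = re.compile(r"\d{6,}")
RE_B64 = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def base64_name(component: str) -> Optional[str]:
    """Decoded text if a path component is base64 for printable ASCII (trailing NULs ignored)."""
    if len(component) % 4 or not RE_B64.match(component):
        return None
    try:
        raw = base64.b64decode(component, validate=True)
    except ValueError:
        return None
    text = raw.rstrip(b"\x00")
    if text and all(32 <= b < 127 for b in text):
        return text.decode("ascii")
    return None


def path_flags(path: str) -> List[str]:
    """Heuristic flags for one file or folder path taken from a log entry."""
    flags: List[str] = []
    if path.startswith("(") and path.endswith(")"):   # e.g. "(no file)"
        return ["file-missing"]
    if path.lower().endswith(" (file missing)"):
        flags.append("file-missing")
        path = path[: -len(" (file missing)")]
    if "\\\\" in path[2:]:                             # C:\\keyboard1.exe
        flags.append("doubled-backslash")
    parts = [p for p in path.replace("\\\\", "\\").split("\\") if p]
    if not parts:
        return flags + ["empty-path"]
    if not RE_DRIVE.match(parts[0]):
        flags.append("relative-path")                  # bare name, found via PATH search
    elif len(parts) == 2 and "." in parts[1]:
        flags.append("drive-root")                     # executable directly in C:\
    if RE_DIGIT_RUN.search(parts[-1]):
        flags.append("digit-run")                      # ms04593238069.exe
    for component in parts[1:]:
        decoded = base64_name(component)
        if decoded is not None:
            flags.append(f"base64-name:{decoded}")
    return flags


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Return {type, name, path} for a supported entry line, else None."""
    m = RE_O4.match(line)
    if m:
        exe = RE_EXE.match(m["cmd"])
        return {"type": "O4", "name": m["name"], "path": exe["path"] if exe else m["cmd"]}
    m = RE_O23.match(line)
    if m:
        return {"type": "O23", "name": m["short"], "path": m["path"]}
    m = RE_O2.match(line)
    if m:
        return {"type": "O" + m["type"], "name": m["name"], "path": m["path"]}
    return None


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse every supported line of a log and attach its flags."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is not None:
            entry["flags"] = path_flags(str(entry["path"]))
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        if entry["flags"]:
            print(f'{entry["type"]} [{entry["name"]}] {entry["path"]} -> {", ".join(entry["flags"])}')
```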
        2  Internet & Network Support / Security & Viruses / Re: The Most Determined Spyware EVER on: November 28, 2005, 05:52:15 PM
        Due to the lack of feedback, this Topic is closed.

        If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

        Everyone else please begin a New Topic.
        3  Internet & Network Support / Security & Viruses / Re: Trojan horse Generic.GM help on: November 27, 2005, 11:06:13 PM
        Please refer to item (1) of my previous post to clear the System Restore cache. That'll fix it
        4  Internet & Network Support / Security & Viruses / Re: Trojan horse Generic.GM help on: November 27, 2005, 10:05:26 PM
        Well, if Panda found you to be clean, I see no reason to doubt that.

        Now that your system is clean, please follow these simple steps in order to keep your computer clean and secure:
        1. Clear & reset System Restore's cache

          1. click Start >> Run - type SYSDM.CPL & press Enter
          2. Select the System Restore Tab
          3. Tick on the checkbox - Turn off System Restore on all drives
          4. Click Apply
          5. Then untick the same checkbox & click OK  


        2. DISABLE THE VIEWING OF SYSTEM FILES

        3. From Windows Explorer, go to Tools>Folder Options> View tab.
          • Enable - Show hidden files and folder
          • Disable - Hide file extensions for known types
          • Disable - Hide protected operating system files
          Click Yes to confirm & then click OK

        4. Make your Internet Explorer more secure -  This can be done by following these simple instructions:

          1. From within Internet Explorer click on the Tools menu and then click on Options.
          2. Click once on the Security tab
          3. Click once on the Internet icon so it becomes highlighted.
          4. Click once on the Custom Level button.
            • Change the Download signed ActiveX controls to Prompt
              Change the Download unsigned ActiveX controls to Disable
              Change the Initialize and script ActiveX controls not marked as safe to Disable
              Change the Installation of desktop items to Prompt
              Change the Launching programs and files in an IFRAME to Prompt
              Change the Navigate sub-frames across different domains to Prompt
          5. When all these settings have been made, click on the OK button.
          6. If it prompts you as to whether or not you want to save the settings, press the Yes button.
          7. Next press the Apply button and then the OK to exit the Internet Properties page.


        5. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine.  This alone can save you a lot of trouble with malware in the future.

          See this link for a listing of some online & their stand-alone antivirus programs:
          Virus, Spyware, and Malware Protection and Removal Resources


        6. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


        7. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over.  I am very serious about this and see it happen almost every day with my clients.  Simply using a Firewall in its default configuration can lower your risk greatly.

          For a tutorial on Firewalls and a listing of some available ones see the link below:
          Understanding and Using Firewalls


        8. Visit Microsoft's Windows Update Site Frequently - It is important that you visit windowsupdate.com regularly.  This will ensure your computer has always the latest security updates available installed on your computer.  If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


        9. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.  This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.  You should also scan your computer with this program on a regular basis just as you would with an antivirus software.

          A tutorial on installing & using this product can be found here:
          Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers


        10. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with an antivirus software.

          A tutorial on installing & using this product can be found here:
          Using Ad-aware to remove Spyware, Malware,  & Hijackers from Your Computer

        11. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

          A tutorial on installing & using this product can be found here:
          Using SpywareBlaster to protect your computer from Spyware and Malware


        12. Update all these programs regularly - Make sure you update all the programs I have listed regularly.  Without regular updates you WILL NOT be protected when new malicious programs are released.


        13. Winpatrol -  Download and install the free version of Winpatrol.

          A tutorial for this product is located here  Using Winpatrol to protect your computer from malicious software


        14. IE/Spyad - IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system.  It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


        15. MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc.  Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.


        16. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program!  (AOL, Yahoo, ICQ, IRC, MSN)


        17. Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.


        18. Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.


        19. Google Toolbar - Get the free google toolbar to help stop pop up windows.

        To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

        Follow this list and your potential for being infected again will reduce dramatically. Your system will be optimised against future threats.

        It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
        Have a safe & happy computing day.  

        Please respond to this thread one more time so we can mark this thread as resolved.
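As an added example (not part of the post), the six Custom Level changes in step 4 above can be audited programmatically rather than clicked through. Internet Explorer stores them as DWORD values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone); the value names used below are Microsoft's documented action IDs for those six settings, which the post does not list, and the values 0/1/3 mean Enable/Prompt/Disable. The two sample profiles are constructed for the demonstration.

```python
"""Audit Internet Explorer's Internet-zone settings against step 4 above.

Each zone setting is a DWORD under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3
named by its action ID. 0 = Enable, 1 = Prompt, 3 = Disable, so a higher
number is the stricter choice and anything below the recommendation is weaker.
"""
import sys
from typing import Dict, List, Optional, Tuple

ENABLE, PROMPT, DISABLE = 0, 1, 3
ZONE3_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Action ID -> (dialog label as worded in the post, setting the post recommends).
# The IDs are Microsoft's documented ones for these settings; the post only names the labels.
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

Finding = Tuple[str, str, Optional[int], int]   # (value name, label, current, recommended)


def audit(current: Dict[str, Optional[int]]) -> List[Finding]:
    """Report every setting that is missing or weaker than the post recommends.

    A stricter value than recommended (e.g. Disable where Prompt is asked for)
    is not a finding; only Enable-where-Prompt or Prompt-where-Disable is.
    """
    findings: List[Finding] = []
    for value_name, (label, wanted) in RECOMMENDED.items():
        have = current.get(value_name)
        if have is None or have < wanted:
            findings.append((value_name, label, have, wanted))
    return findings


def read_internet_zone() -> Dict[str, Optional[int]]:
    """Read the six values from the live registry of the current user (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("registry read is only possible on Windows")
    import winreg
    values: Dict[str, Optional[int]] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_PATH) as key:
        for value_name in RECOMMENDED:
            try:
                values[value_name] = int(winreg.QueryValueEx(key, value_name)[0])
            except FileNotFoundError:
                values[value_name] = None   # value absent: IE falls back to the zone default
    return values


# Constructed sample: a profile where all six settings are still Enable (weakest).
WEAK_PROFILE: Dict[str, Optional[int]] = {name: ENABLE for name in RECOMMENDED}
# Constructed sample: the post's recommended configuration applied.
HARDENED_PROFILE: Dict[str, Optional[int]] = {name: wanted for name, (_, wanted) in RECOMMENDED.items()}


if __name__ == "__main__":
    current = read_internet_zone() if sys.platform == "win32" else WEAK_PROFILE
    for value_name, label, have, wanted in audit(current):
        print(f"{value_name} {label}: current {have}, recommended {wanted}")
```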

        5  Internet & Network Support / Security & Viruses / Re: The Most Determined Spyware EVER on: November 25, 2005, 01:17:41 AM
        No need to repost the FindLOP.txt.

        Please reboot to Safe Mode to delete these...

        C:\Documents and Settings\ALVIN ACE\Application Data\QcBar
        C:\Documents and Settings\ALVIN ACE\Application Data\tvmcwrd.dll
        C:\Documents and Settings\ALVIN ACE\Application Data\tvmknwrd.dll

        C:\Documents and Settings\fevie\Application Data\Lycos

        C:\Documents and Settings\Florence\Application Data\C2Media
        C:\Documents and Settings\Florence\Application Data\Lycos
        C:\Documents and Settings\Florence\Application Data\QcBar
        C:\Documents and Settings\Florence\Application Data\tvmcwrd.dll
        C:\Documents and Settings\Florence\Application Data\tvmknwrd.dll
        C:\Documents and Settings\Florence\Application Data\tvmuknwrd.dll

        C:\Documents and Settings\My Computer\Application Data\Lycos

        C:\Documents and Settings\Reina\Application Data\tvmknwrd.dll

        C:\Documents and Settings\Rica\Application Data\C2Media
        C:\Documents and Settings\Rica\Application Data\Lycos
        C:\Documents and Settings\Rica\Application Data\QcBar
        C:\Documents and Settings\Rica\Application Data\tvmknwrd.dll
        C:\Documents and Settings\Rica\Application Data\tvmuknwrd.dll



        After that, go to Start > Run - type cmd <Press Enter>
        type attrib -h -r -s c:\windows\tasks\*.job<Press Enter>
        type explorer %windir%\tasks<Press Enter>

        that'll take you to the directory


        Delete all these files..



        Also delete any other instances of 16 lettered named jobs.


        When done, reboot back to N/mode to post a fresh HJT log
        Let me know if you still have other issues.
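An added example, not from the post: a read-only Python scan that does what the attrib/explorer steps and the "16 lettered" rule above do by hand. It lists the .job files in a Tasks folder, reports which names are exactly 16 hexadecimal characters and, on Windows, whether they carry the Hidden/System attributes that attrib -h -r -s was clearing. The demo folder and every name in it other than ADAAD389917D4BA5.job (quoted in the post) are constructed; nothing is deleted.

```python
"""Read-only scan of a Scheduled Tasks folder for randomly named .job files.

The post above unhides %windir%\\Tasks with attrib -h -r -s and deletes the
.job files whose names are 16 hexadecimal characters. This script only
identifies them: it lists .job files, marks the 16-hex names and, on Windows,
reports whether a file carries the Hidden/System attributes attrib was
removing. Deleting anything is left to the person reviewing the report.
"""
import os
import re
import stat
import tempfile
from typing import Dict, List

# Exactly 16 hex characters plus ".job", the shape of every name in the post.
RE_RANDOM_JOB = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)


def default_tasks_folder() -> str:
    """%windir%\\Tasks, falling back to the XP-era default path."""
    return os.path.join(os.environ.get("windir", r"C:\WINDOWS"), "Tasks")


def is_random_job_name(name: str) -> bool:
    """True for names such as ADAAD389917D4BA5.job (quoted in the post)."""
    return RE_RANDOM_JOB.match(name) is not None


def file_attributes(path: str) -> List[str]:
    """Hidden/System/ReadOnly attribute names; empty on non-Windows hosts."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)  # Windows only
    names: List[str] = []
    for flag, label in ((stat.FILE_ATTRIBUTE_HIDDEN, "hidden"),
                        (stat.FILE_ATTRIBUTE_SYSTEM, "system"),
                        (stat.FILE_ATTRIBUTE_READONLY, "readonly")):
        if attrs & flag:
            names.append(label)
    return names


def scan_tasks_folder(folder: str) -> Dict[str, Dict[str, object]]:
    """Map each .job file in `folder` to its name check and attributes."""
    report: Dict[str, Dict[str, object]] = {}
    for name in sorted(os.listdir(folder)):
        full = os.path.join(folder, name)
        if not name.lower().endswith(".job") or not os.path.isfile(full):
            continue
        report[name] = {"random_name": is_random_job_name(name),
                        "attributes": file_attributes(full)}
    return report


def suspicious_jobs(folder: str) -> List[str]:
    """Sorted names of .job files a person should review (16-hex names)."""
    return [n for n, info in scan_tasks_folder(folder).items() if info["random_name"]]


def demo_folder() -> str:
    """Build a constructed sample Tasks folder in a temp dir (not a real system)."""
    folder = tempfile.mkdtemp(prefix="tasks-demo-")
    for name in ("ADAAD389917D4BA5.job",  # name quoted in the post
                 "A1B2C3D4E5F60718.job",  # constructed, same 16-hex shape
                 "A1B2C3D4E5F6071.job",   # constructed, only 15 hex characters
                 "Backup Nightly.job",    # constructed, ordinary named task
                 "desktop.ini"):          # not a task file at all
        with open(os.path.join(folder, name), "wb"):
            pass
    return folder


if __name__ == "__main__":
    target = default_tasks_folder() if os.path.isdir(default_tasks_folder()) else demo_folder()
    for name, info in scan_tasks_folder(target).items():
        marker = "REVIEW" if info["random_name"] else "ok    "
        print(marker, name, ",".join(info["attributes"]))
```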



        6  Internet & Network Support / Security & Viruses / Re: The Most Determined Spyware EVER on: November 25, 2005, 01:03:56 AM
        The findlop.txt seems incomplete. What happens after this...
        quote:
        [TRACE] Activating job 'ADAAD389917D4BA5.job'
        [TRACE] Printing all job properties

        ApplicationName: 'c:\docume~1\florence\applic~1\abo

        7  Internet & Network Support / Security & Viruses / Re: Trojan problem on: November 24, 2005, 08:52:11 AM
        Hi Deric,

        Thanks for starting a new thread. Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


        ______________________________________________________________________________________________


        Please download these additional files/programs.  Do not run them until instructed to do so.
        Unless otherwise stated, they should be stored in same directory as the HiJackThis program.  

        CleanUp! - Install.

        KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)


        'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


        This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customised my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

        If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


        IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.  


        ______________________________________________________________________________________________


        Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll
        O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
        O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe
        O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http:///images/nocache/funwebproducts/ei-2/PopularScreenSaversFWBInitialSetup1.0.0.8-2.cab
         


        ______________________________________________________________________________________________



        Click Start->Run - type SERVICES.MSC & then click on the OK button
        1. Locate the service -  qtask (qtask.exe)
        2. Double-click on it to open the Properties dialog.
        3. Stop the service by using the Stop button.
        4. Change the Startup type to Disabled & then click on the OK button
        5. Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
        6. In the popup box that appears, type in qtask.exe & then click on the OK button


        ______________________________________________________________________________________________



        Launch KillBox.exe & select the following option - delete on Reboot

        1. Select all the filenames below & then click on Notepad's 'Edit' menu & select Copy

        C:\WINDOWS\System32\mmsvc32.exe
        C:\WINDOWS\qtask.exe
        C:\WINDOWS\System32\WinStat13.dll


        2. Go to the File menu, and choose Paste from Clipboard
        3. Click on the dropdown menu next to Full Path of File to Delete field.
        4. Verify that the filenames you pasted are found there
        5. Click the RED X button.
        6. Click Yes at the Delete on Reboot prompt.
        7. Click Yes at the 'Pending Operations prompt'.

        # If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

        ______________________________________________________________________________________________


        Next, please reboot your computer in SafeMode by doing the following:
        1. Restart your computer
        2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
        3. Instead of Windows loading as normal, a menu should appear
        4. Select the first option, to run Windows in Safe Mode.

        ______________________________________________________________________________________________

        Run Cleanup! using the following configuration:

        1. Click Options...
        2. Set the slider to Standard CleanUp!
        3. Uncheck the following - Newsgroup cache / Newsgroup Subscriptions / Scan local drives for temporary files
        4. Click OK
        5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.

        ** CleanUp! will not create any backups!!


        ______________________________________________________________________________________________


        Run Ewido with its updated definitions: (...it's important that all windows must be closed)

        1. Click Scanner
        2. Click 'Complete System Scan' to begin scanning.
        3. Click OK when prompted to clean files
        4. With the first file it prompts to clean, select the option - 'Perform action on all infections'
        5. Choose 'clean' and click OK.
        Once finished, click the Save report button & save the report to your desktop

        ** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


        ______________________________________________________________________________________________



        REBOOT TO NORMAL MODE

        Perform an online scan with Internet Explorer at Panda ActiveScan

        1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
        2. Click 'Scan Now'
        3. Enter your e-mail address & click Scan Now; it begins downloading Panda's 8 MB ActiveX controls
        4. Begin the scan by selecting My Computer
        5. If it finds any malware, it will offer you a report.
        6. Click on see report. Then click Save report
        7. Post the contents of the report in your next reply

        *You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
        *Turn off the real time scanner of any existing antivirus program while performing the online scan



        ______________________________________________________________________________________________


        Download Trend Micro
        8  Internet & Network Support / Security & Viruses / Re: Trojan horse Generic.GM help on: November 24, 2005, 08:31:31 AM
        Deric,

        Please start a new thread for your problem.

        I would be more than glad to help you there, if you would PM me the link to the new thread

        Regards
        sUBs
        9  Internet & Network Support / Security & Viruses / Re: The Most Determined Spyware EVER on: November 24, 2005, 08:28:22 AM
        I'm not sure if you managed to clean every file/folder found by Panda. But here's a list just in case ..  (let me know if any of them resist deletion)

        C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTA~1\SUPPORTLOGCOAL.EXE
        C:\Documents and Settings\ALVIN ACE\Application Data\about acid bone\AIM OOZE JUNK.exe
        C:\Documents and Settings\ALVIN ACE\Application Data\about acid bone\izwsmxdu.exe
        C:\Documents and Settings\ALVIN ACE\Application Data\about acid bone\supportlogcoal.exe
        C:\Documents and Settings\ALVIN ACE\Application Data\Okay idle\
        C:\Documents and Settings\fevie\Application Data\about acid bone\
        C:\Documents and Settings\Florence\Application Data\Okay idle\
        C:\Documents and Settings\LocalService\Application Data\about acid bone\
        C:\Documents and Settings\LocalService\Application Data\Okay idle\
        C:\Documents and Settings\My Computer\Application Data\about acid bone\
        C:\Documents and Settings\My Computer\Application Data\Okay idle\
        C:\Documents and Settings\Rica\Application Data\about acid bone\
        C:\WINDOWS\system32\config\systemprofile\Application Data\about acid bone\
        C:\Documents and Settings\My Computer\Application Data\Lycos
        C:\WINDOWS\SYSTEM32\fiz1
        C:\WINDOWS\inf\polmx2.inf
        C:\WINDOWS\inf\satmat.inf
        C:\WINDOWS\msnmsn32.exe
        C:\WINDOWS\satmat.ini
        C:\WINDOWS\SYSTEM32\atmtd.dll
        C:\WINDOWS\INF\satmat.inf
        C:\WINDOWS\GatorHDPlugin.log-old.log
        C:\WINDOWS\pcconfig.dat



        Go to Start>Run - type REGEDIT

        1. Navigate to these keys -

        HKEY_CLASSES_ROOT\Interface\{D6188A7D-376C-4970-91AD-675BFCF3762E}

        2. Right click & delete the key (only keys listed in RED need to be deleted)
        3. Close the Registry Editor when you've finished  

        If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.


        Run CleanUp again after you have finished deletions

        Next, download fl.zip.
        Extract the contents to a new folder on Desktop. (do NOT run it from within the zip file)
        Within the folder, locate & double-click fl.bat.
        It should produce a report at c:\findlop.txt.
        Post the contents of the report in your next reply along with a new HJT log
        10  Internet & Network Support / Security & Viruses / Re: The Most Determined Spyware EVER on: November 23, 2005, 01:19:49 PM
        Hello and Welcome

        Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Please download these additional files/programs.  Do not run them until instructed to do so.
        Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

        CleanUp! - Install.

        Ewido Security Suite
        • Install Ewido Security Suite
        • When installing, under "Additional Options" uncheck..
          • Install background guard
          • Install scan via context menu
        • Double-click the icon on Desktop to launch Ewido
        You will need to update Ewido to the latest definition files.
        • On the left hand side of the main screen click update.
        • Then click on Start Update.
        The update will start and a progress bar will show the updates being installed.
        If you are having problems with the updater, you can use this link to manually update Ewido
        When you have finished updating, EXIT Ewido.

        LSPFix.exe

        Instructions for using LSPFix
        Double click on LSPFix.exe to run it.
        Once running, you will be required to tick the disclaimer - "I know what I'm doing".
        You'll find a window with 2 panes.
        In the left pane which is labeled 'Keep', select all instances of this file:
        vetredir.dll
        Then click on the arrow pointing to the right, >>.
        This will move the entry to the right pane labeled 'Remove'
        Click the Finish button to complete the fix.


        UNPLUG YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


        Please save the following instructions in Notepad. I have customised my instructions on the assumption that you have Notepad 'on'. It may lead to some confusion should you choose to do otherwise.

        If there's anything that you don't understand, kindly ask your question(s) before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.


        IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Click Start->Run - type SERVICES.MSC & then click on the OK button
         Locate the service - Command Service (cmdService)  
         Double-click on it to open the Properties dialog.
         Stop the service by using the Stop button.
         Change the Startup type to Disabled & then click on the OK button

         Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
         In the popup box that appears, type in cmdService   & then click on the OK button


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Next, please reboot your computer in Safe Mode by doing the following:
        1. Restart your computer
        2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
        3. Instead of Windows loading as normal, a menu should appear
        4. Select the first option, to run Windows in Safe Mode.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Run a scan with HiJackThis & select/tick the following & click "Fix checked":

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
        O2 - BHO: (no name) - {00000000-0000-45B8-95E5-751A00C50DD0} - blank (file missing)
        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmVpbmEA\command.exe (file missing)



        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        If you have not done so already, please enable the viewing of Hidden files
        From Windows Explorer, go to Tools>Folder Options> View tab.
        • Tick - Show hidden files and folders
        • Untick - Hide file extensions for known types
        • Untick - Hide protected operating system files
        Click Yes to confirm & then click OK

        Locate and delete the following files/folders, if present:
        • C:\WINDOWS\UmVpbmEA\
        • C:\Program Files\WebSiteViewer\
        • C:\Windows\erbmod.dll
        • C:\Windows\misb.exe
        • C:\Windows\12*.exe
        • C:\Windows\drexinit.dll
        • C:\Windows\cerbmod.dll
        • C:\Windows\system32\dload.exe

        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Run Cleanup! using the following configuration:

        1. Click Options...
        2. Set the slider to Standard CleanUp!
        3. Uncheck the following:
        • Delete Newsgroup cache
        • Delete Newsgroup Subscriptions
        • Scan local drives for temporary files
        4. Click OK
        5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
        * CleanUp! will not create any backups!!


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Run Ewido with its updated definitions (it's important that all windows are closed):
        Click Scanner
        Click Complete System Scan to begin scanning.
        Click OK when prompted to clean files
        With the first file it prompts to clean, select the option:
         "Perform action on all infections"
        Choose clean and click OK.
        Once finished, click the Save report button & save the report to your desktop

        ** The Ewido scan will take at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        REBOOT TO NORMAL MODE


        Perform an online scan with Internet Explorer using Panda ActiveScan

        *You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
        *Turn off the real time scanner of any existing antivirus program while performing the online scan



        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Download Trend Micro
        11  Internet & Network Support / Security & Viruses / Re: Trojan horse Generic.GM help on: November 20, 2005, 08:55:10 PM
        Did the Panda scan find any infected files which it couldnt disinfect?
        12  Internet & Network Support / Security & Viruses / Re: Trojan horse Generic.GM help on: November 17, 2005, 02:32:12 PM
        Hello and Welcome

        Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Please do not run HiJackThis from its current location.
        Create a permanent directory - C:\Program Files\HiJackThis\
        Relocate all files to the new directory


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Please download these additional files/programs.  Do not run them until instructed to do so.
        Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.

        CleanUp! - Install

        KillBox v2.0.0.175 - Save to Desktop.      

        Ewido Security Suite
        • Install Ewido Security Suite
        • When installing, under "Additional Options" uncheck..
          • Install background guard
          • Install scan via context menu
        • Double-click the icon on the Desktop to launch Ewido
        You will need to update Ewido to the latest definition files.
        • On the left hand side of the main screen click update.
        • Then click on Start Update.
        The update will start and a progress bar will show the updates being installed.
        If you are having problems with the updater, you can use this link to manually update Ewido
        When you have finished updating, EXIT Ewido.

        rdrivRem.zip - Unzip to Desktop.  


        'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


        This webpage will not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

        If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.


        IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Launch KillBox.exe & select the following options:
        • delete on Reboot
        Select all the filenames below & then click on Notepad's 'Edit' menu & select Copy
        • C:\WINDOWS\System32\C:\WINDOWS\MSmedia.exe
        • C:\WINDOWS\System32\smsse.exe
        • C:\WINDOWS\System32\mcafeshield.exe
        • C:\WINDOWS\System32\micront.exe
        *  Go to the File menu, and choose Paste from Clipboard
        *  Click on the dropdown menu next to Full Path of File to Delete field.
        *  Verify that the filenames you pasted are found there
        *  Click the RED X button.
        *  Click Yes at the Delete on Reboot prompt.
        *  Click Yes at the 'Pending Operations prompt'.

        # If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run KillBox, download and run missingfilesetup.exe. Then try KillBox again.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Next, please reboot your computer in Safe Mode by doing the following:
        1. Restart your computer
        2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
        3. Instead of Windows loading as normal, a menu should appear
        4. Select the first option, to run Windows in Safe Mode.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Click Start->Run - type SERVICES.MSC & then click on the OK button
         Locate the service - MicroSoft Media Tools  
         Double-click on it to open the Properties dialog.
         Stop the service by using the Stop button.
         Change the Startup type to Disabled & then click on the OK button

         Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
         In the popup box that appears, type in MicroSoft Media Tools   & then click on the OK button


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Double-click rdrivRem.bat to run the program - follow the instructions on the screen.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        CLOSE ALL OTHER PROGRAMS & ALL OPEN WINDOWS

        Run a scan with HiJackThis & select/tick the following & click "Fix checked":

        F2 - REG:system.ini: Shell=Explorer.exe smsse.exe
        O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
        O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
        O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
        O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
        O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
        O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe



        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Run Cleanup! using the following configuration:

        1. Click Options...
        2. Set the slider to Standard CleanUp!
        3. Uncheck the following:
        • Delete Newsgroup cache
        • Delete Newsgroup Subscriptions
        • Scan local drives for temporary files
        4. Click OK
        5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
        * CleanUp! will not create any backups!!


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Run Ewido with its updated definitions (it's important that all windows are closed):
        • Click Scanner
        • Click Complete System Scan to begin scanning.
        • Click OK when prompted to clean files
        With the first file it prompts to clean, select the option:
        • "Perform action on all infections"
        • Choose clean and click OK.

        Once finished, click the Save report button & save the report to your desktop

        ** The Ewido scan will take at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        REBOOT TO NORMAL MODE


        Perform an online scan with Internet Explorer using Panda ActiveScan
         
        1. Click [Scan your PC] & a pop-up window will appear. *Ensure that your pop-up blocker doesn't block it
        2. Click [Scan Now]
        3. Enter your e-mail address & click [Scan Now] ...this begins downloading Panda's 8 MB ActiveX controls
        4. Begin the scan by selecting My Computer
          • If it finds any malware, it will offer you a report.
          • Click on see report. Then click Save report
        Post the contents of the report in your next reply

        *You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
        *Turn off the real time scanner of any existing antivirus program while performing the online scan



        = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


        Download Trend Micro
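The two "Fix checked" lists above (the cmdService post and the MicroSoft Media Tools post) are HijackThis entries that the helper classified by eye. As an added example, not part of the original posts and not HijackThis's own logic, here is a small Python triage script that parses those section types (R0, O2, O4, F2, O23) into fields and flags the traits the helper acted on: an IE search setting pointing at about:blank, a nameless or file-missing BHO, Run entries that name a bare executable, use of the RunServices key, extra programs appended to Shell=, and services whose binary is missing, carries no company name, or sits directly in the Windows directory. The sample lines are copied from the two posts; the benign jusched.exe entry and the flagging rules are my own additions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the entries from the two fix lists above, plus one
# benign Java updater entry (constructed) so the triage has something to pass.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {00000000-0000-45B8-95E5-751A00C50DD0} - blank (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmVpbmEA\command.exe (file missing)
F2 - REG:system.ini: Shell=Explorer.exe smsse.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"""


@dataclass
class Entry:
    section: str                  # HijackThis section code, e.g. O23
    raw: str                      # the line as it appeared in the log
    name: str = ""                # service / value / BHO name
    target: str = ""              # program, file or URL the entry points at
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def _has_directory(path: str) -> bool:
    return "\\" in path or "/" in path


def _in_windows_root(path: str) -> bool:
    # True for a binary directly under the Windows directory, not in a subdirectory
    # such as system32 (heuristic: legitimate services rarely live there).
    return re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.(exe|dll)", path, re.IGNORECASE) is not None


def parse_entry(line: str) -> Optional[Entry]:
    line = line.strip()
    section, sep, rest = line.partition(" - ")
    if not sep:
        return None                       # blank line or free text, not an entry
    e = Entry(section=section, raw=line)

    if section in ("R0", "R1"):           # IE start/search page registry values
        e.name, _, e.target = (p.strip() for p in rest.partition(" = "))
        if e.target.lower() in ("", "about:blank"):
            e.reasons.append("IE search setting points at about:blank")

    elif section == "O2":                 # BHO: <name> - {CLSID} - <file>
        parts = rest[len("BHO: "):].split(" - ", 2)
        if len(parts) == 3:
            e.name, _clsid, e.target = parts
            if e.name == "(no name)":
                e.reasons.append("BHO registered without a name")
            if "(file missing)" in e.target:
                e.reasons.append("BHO file missing (dangling CLSID)")

    elif section == "O4":                 # <hive>\..\<key>: [<value name>] <command>
        key, _, tail = rest.partition(": [")
        e.name, _, e.target = tail.partition("] ")
        e.target = e.target.strip()
        if not _has_directory(e.target):
            e.reasons.append("bare filename, located through PATH search order")
        if key.lower().endswith("runservices"):
            e.reasons.append("RunServices key (Windows 9x autostart key)")

    elif section == "F2":                 # REG:system.ini: Shell=Explorer.exe <extra...>
        _, _, value = rest.partition("Shell=")
        e.name, e.target = "Shell", value.strip()
        extra = [p for p in e.target.split() if p.lower() != "explorer.exe"]
        if extra:
            e.reasons.append("extra shell executable(s): " + ", ".join(extra))

    elif section == "O23":                # Service: <display (short)> - <owner> - <path> [(file missing)]
        parts = rest[len("Service: "):].split(" - ", 2)
        if len(parts) == 3:
            e.name, owner, e.target = parts
            if "(file missing)" in e.target:
                e.reasons.append("service binary missing")
            if owner == "Unknown owner":
                e.reasons.append("binary carries no company name")
            if _in_windows_root(e.target.replace(" (file missing)", "")):
                e.reasons.append("service binary sits directly in the Windows directory")
    return e


def triage(log_text: str) -> List[Entry]:
    return [e for e in map(parse_entry, log_text.splitlines()) if e is not None]


def fix_list(entries: List[Entry]) -> List[str]:
    """The lines to tick under 'Fix checked': every entry with at least one reason."""
    return [e.raw for e in entries if e.suspicious]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(("FIX " if e.suspicious else "ok  ") + e.raw)
        for r in e.reasons:
            print("      - " + r)
```

Run it as-is to see the seven flagged lines and the one that passes. The rules are deliberately narrow: a Run value with a full path under Program Files passes, and anything it does not recognise is parsed but left unflagged rather than guessed at.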
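The KillBox "delete on Reboot" step above is assumed here to rely on the standard Windows delay-until-reboot mechanism (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT), which queues the request in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager: pairs of NT-style paths where an empty destination means "delete at boot" and a leading '!' on the destination means "replace an existing file". As an added example, not from the post or from KillBox, this Python encodes and decodes that value offline so you can see exactly what gets queued; on a live case the same decoder reads the value back to confirm what a cleanup tool (or malware) has scheduled for the next boot. The delete list is taken from the post (the MSmedia.exe path from its O23 entry); the rename case in the usage is constructed.

```python
from dataclasses import dataclass
from typing import List, Sequence

# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
# is a REG_MULTI_SZ of (source, destination) pairs in NT object-manager form:
#   \??\C:\dir\file.exe   ->  ""                    delete at boot
#   \??\C:\dir\new.dll    ->  !\??\C:\dir\old.dll   replace an existing file at boot
# Assumption: KillBox's "delete on Reboot" uses this mechanism (MoveFileEx with
# MOVEFILE_DELAY_UNTIL_REBOOT); the format itself is Windows' own.
NT_PREFIX = "\\??\\"


@dataclass
class PendingOp:
    source: str              # Win32 path with the \??\ prefix stripped
    destination: str         # "" means delete
    replace_existing: bool   # destination carried a leading '!'

    @property
    def is_delete(self) -> bool:
        return self.destination == ""


def _strip_prefix(nt_path: str) -> str:
    return nt_path[len(NT_PREFIX):] if nt_path.startswith(NT_PREFIX) else nt_path


def encode_pending_ops(ops: Sequence[PendingOp]) -> bytes:
    """REG_MULTI_SZ: UTF-16LE strings, each NUL-terminated, list closed by an extra NUL."""
    items: List[str] = []
    for op in ops:
        items.append(NT_PREFIX + op.source)
        if op.is_delete:
            items.append("")
        else:
            items.append(("!" if op.replace_existing else "") + NT_PREFIX + op.destination)
    return ("\x00".join(items) + "\x00\x00").encode("utf-16-le")


def decode_pending_ops(blob: bytes) -> List[PendingOp]:
    """Inverse of encode_pending_ops; an absent or empty value decodes to no operations."""
    strings = blob.decode("utf-16-le").split("\x00")[:-2]   # drop the two trailing terminators
    if len(strings) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/destination pairs")
    ops: List[PendingOp] = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        ops.append(PendingOp(_strip_prefix(src), _strip_prefix(dst), replace))
    return ops


def delete_on_reboot(paths: Sequence[str]) -> bytes:
    """What a 'delete on reboot' request for these files looks like in the registry."""
    return encode_pending_ops([PendingOp(p, "", False) for p in paths])


def pending_deletions(blob: bytes) -> List[str]:
    """Win32 paths that will be removed at the next boot."""
    return [op.source for op in decode_pending_ops(blob) if op.is_delete]


# The files the post queues in KillBox; the MSmedia.exe path is taken from the post's O23 entry.
KILLBOX_TARGETS = [
    "C:\\WINDOWS\\System32\\smsse.exe",
    "C:\\WINDOWS\\System32\\mcafeshield.exe",
    "C:\\WINDOWS\\System32\\micront.exe",
    "C:\\WINDOWS\\MSmedia.exe",
]

if __name__ == "__main__":
    blob = delete_on_reboot(KILLBOX_TARGETS)
    print(len(blob), "bytes of REG_MULTI_SZ data")
    for op in decode_pending_ops(blob):
        print("delete at boot:" if op.is_delete else "rename at boot:",
              op.source, "->", op.destination or "(deleted)")
```

Two details matter when reading this value on a real machine: the last pair of a delete-only list ends in three NULs (the empty destination plus the list terminator), which is why the decoder drops exactly two split fields rather than "all trailing empties", and a file that no longer exists at boot is simply skipped, so an entry still present after a reboot means the operation never ran.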
        13  Internet & Network Support / Security & Viruses / Re: VIRUS HELPTROJ_STARTPAG.RE on: November 12, 2005, 08:31:01 PM
        quote:
        so the only difference is the grey color? If so I do not really care about that
        If that's the case, we're done.

        Your system is clean
        14  Internet & Network Support / Security & Viruses / Re: VIRUS HELPTROJ_STARTPAG.RE on: November 12, 2005, 08:20:42 PM
        If you're referring to the entries identified as Virus:Eicar.Mod, you have nothing to worry about. It's a test file used by antivirus programs to simulate virus activity. You can read up about it here

        As to your 'gray' disposition, that is probably caused by your not following instructions when you ran CleanUp. You were not supposed to 'Scan local drives for temporary files'. That caused the default themes file to be deleted.

        Download the Luna theme from either of these sites:

        http://users.pandora.be/bluepatchy/luna.zip
        http://castlecops.com/zx/flrman1/luna.zip
        http://www.greyknight17.com/spy/luna.zip
        http://www.kellys-korner-xp.com/reg...s/Resources.zip


        Unzip it and MOVE the luna.msstyles file from the folder you unzipped into the following folder: C:\WINDOWS\Resources\Themes\Luna
        Don't move it to anywhere else other than that folder!

        Once you have moved it there, right-click on your desktop > Properties ... and check whether the Windows XP style is present again. Choose Apply and OK.

        Reboot the PC

        You should now be able to choose XP Theme for your desktop. Let me know the outcome.

        15  Internet & Network Support / Security & Viruses / Re: VIRUS HELPTROJ_STARTPAG.RE on: November 12, 2005, 02:06:14 PM
        Download this attached file - regdel.zip

        From within it, double click on regdel.reg & allow it to merge with the Registry

        Reboot your computer & let me know if you still have any other issues with it.