Posts posted by rmurphy
-
Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Close all open windows except for HiJack This and click fix checked.
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS\htunistock.dll
C:\WINDOWS\hstsys.dll
Folder::
C:\Program Files\vlkavjuf\
C:\WINDOWS\privacy_danger\
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.
Also, do you have a flash drive, CD (or I'm pretty sure that it will fit on a floppy disk) that you could put smitfraudfix onto?
-Ryan
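The HijackThis entries quoted in the post above share a fixed layout: a section code, a description, an optional CLSID and an optional file path. The following parser is an added example, not part of the original post or of HijackThis itself; it splits such lines into fields and lists the registry references whose target file is already gone. The section descriptions and the function names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# What each HijackThis section code in the posts on this page enumerates.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O20": "Winlogon Notify / AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad", "O23": "NT service",
    "O24": "Active Desktop component",
}

class Entry(NamedTuple):
    code: str
    kind: str
    clsid: Optional[str]
    path: Optional[str]
    file_missing: bool  # HijackThis reported that the referenced file is absent

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to the first .dll/.exe/.htm; spaces in folder names are allowed.
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:dll|exe|htm)\b', re.I)

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis log line, or None for any other text."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID.search(rest)
    path = PATH.search(rest)
    missing = "(file missing)" in rest or "(no file)" in rest
    return Entry(code, SECTIONS.get(code, "other"),
                 clsid.group(0) if clsid else None,
                 path.group(0) if path else None, missing)

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def dangling(entries: List[Entry]) -> List[Entry]:
    """Entries that only leave a registry reference behind (no file on disk)."""
    return [e for e in entries if e.file_missing]

# Sample input: entries quoted from the post above.
SAMPLE = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
'''

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        flag = "  [file missing]" if e.file_missing else ""
        print(f"{e.code:4} {e.kind:30} {e.path or '-'}{flag}")
```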
-
OK, so let's postpone that for now... please run ComboFix again and post the log, as well as an uninstall list from HiJack This.
-Ryan
-
Are you logging into the same account in safe mode that you regularly use? If not, please try again, or put the smitfraudfix folder in the C:\ drive.
-Ryan
-
Can you try running it in safemode?
-Ryan
-
Sorry for the delay in replying; had a few real life projects I needed to get finished for today.
== Clear Temporary Files ==
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Close all Internet Explorer, Firefox, and Opera windows before continuing.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
== Kaspersky Web Scanner ==
Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan:
  - Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
== Request Logs ==
Please post the log from the Kaspersky scan.
-Ryan
-
Sorry for the delay in replying; had a few real life projects I needed to get finished for today.
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please save this report to your desktop.
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Please download FixWareout from here:
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt), the smitfraudfix report that you saved earlier and a new Hijackthis log.
-Ryan
-
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
== SmitFraudFix Part 2 ==
Please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
== Remove Programs ==
Please go to Add/Remove Programs in the Control Panel, and remove the following programs
- IE Custom Tools
- IE Safety Features
- Java™ 6 Update 2
Reboot your computer.
== Install Latest Java ==
Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.
Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.
Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.
Once it has finished downloading, double click it, and follow the prompts to install.
If it asks to reboot, select Yes.
== Request logs ==
In your next post, please attach a new HiJack This log and the log SmitfraudFix produced (can be found at C:\rapport.txt). Also let me know how the computer is running.
-Ryan
-
Hi intocomputing2, and welcome to BestTechie! I'm Ryan, and I'll be helping you with your computer.
OK, since you have avast!, let's make sure it is updated, then use it to run a boot time scan.
== Update avast! ==
Right click on the a in the taskbar and select Updating, then select Program.
Avast! will tell you when it has completed the update. If core files were updated, you may get a message asking you to restart. Please allow the computer to restart if prompted.
== Schedule a Boot-Time Scan ==
After you have updated avast! right click the a icon in the taskbar and click Start Avast! AntiVirus.
After this, you will need to Schedule Boot-Time Scan with avast! While all the steps needed to perform this are listed below, you may find a visual tutorial helpful as well.
- Click on the up arrow icon in the left corner, and select Schedule Boot-Time Scan.
Next, choose:
- Scan all local disks
- Scan archive files
Click on Schedule. Avast! will notify you that a system restart is needed. Please select Yes
Your computer will then restart, and avast! will perform the scan prior to Windows loading.
IMPORTANT NOTE: When avast! finds an infected item, it may give you a dialog box with recommended actions. If this happens, please select Move to Chest.
== Request logs ==
Please post the log of the avast scan. It can be found at C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt
I would also like to see an Uninstall list. To obtain an uninstall list, please do the following:
- Open HijackThis, click Config, click Misc Tools
- Click "Open Uninstall Manager"
- Click "Save List" (generates uninstall_list.txt)
-Ryan
-
Hi Acynonix, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report and an uninstall log into your next reply.
To obtain an Uninstall list.
- Open HijackThis, click Config, click Misc Tools
- Click "Open Uninstall Manager"
- Click "Save List" (generates uninstall_list.txt)
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
-Ryan
-
== Remove Programs ==
Please go to Add/Remove Programs in the Control Panel, and remove the following programs
- IE Custom Tools
- IE Safety Features
- Information Center
- J2SE Runtime Environment 5.0 Update 3
Reboot your computer.
== Install Latest Java ==
Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.
Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.
Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.
Once it has finished downloading, double click it, and follow the prompts to install.
If it asks to reboot, select Yes.
== SmitFraud Scan ==
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
-Ryan
-
Welcome to BestTechie. I'm Ryan, and I'll be helping you clean your computer.
I would like to see an Uninstall list.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
-Ryan
-
OK. Send me a PM when you are able to post again.
-Ryan
-
Hi there, and welcome to Besttechie! I'm Ryan, and I'll be helping you with your computer troubles.
You will want to print out these instructions, or save them to notepad so that you can refer to them later.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Close all Internet Explorer, Firefox, and Opera windows before continuing.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan:
  - Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Next, go to start > Run and paste in the following: ipconfig >> dns.txt && notepad dns.txt and then press enter. Notepad will open, post the contents of it, along with the Kaspersky log.
-Ryan
-
It doesn't come with it installed, you have to install it via a script in the control panel, but yes, it is a tad easier than installing WordPress yourself.
It is a good idea to not use the same company to host your DNS info that hosts your website, as they could hijack the DNS should you try to cancel the account. If you do use it to initially buy the domain, you should transfer it to another registrar as soon as you can.
-Ryan
-
I've used Quality Host Online for the past nine months, but just transferred to DreamHost. I was outgrowing the plan I was on, and DreamHost seemed the most cost-effective for me to move to. It also allowed me to cancel one hosting plan and consolidate the hosting for my sites into one account.
-Ryan
-
For the blog software, I recommend WordPress. It's free, easy to install and use, and there are tons of themes that are free and available for anyone to use.
As for forums, I've used Simple Machines Forum or phpBB. Like WordPress, both of these are free to use, and have tons of themes available for download and use.
Even though there are free themes, it does not mean that your site will look bad. All of the themes are good, and there are some amazing themes out there for free.
-Ryan
-
The following programs can be uninstalled:
- Java 2 Runtime Environment, SE v1.4.2_14
- Java 2 SDK, SE v1.4.2_14
Double-click VundoFix.exe to run it.
- Right click the listbox and select Add more files? Add the following files, one per line
  - C:\WINDOWS\system32\ursss.dll
  - C:\WINDOWS\system32\urqnolj.dll
- Click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions when VundoFix appears at reboot.
Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)
O2 - BHO: (no name) - {126D2E44-3B1D-46B6-BE67-D5BCF68AEEFD} - C:\WINDOWS\system32\urqnolj.dll
O2 - BHO: (no name) - {450AA662-3EEA-4E6C-B549-B13847E549CD} - C:\WINDOWS\system32\hggdb.dll (file missing)
O2 - BHO: (no name) - {EFFCB1DD-4F7E-43B0-B4DA-7C74C1675AF8} - C:\WINDOWS\system32\ursss.dll
O20 - Winlogon Notify: urqnolj - C:\WINDOWS\SYSTEM32\urqnolj.dll
O20 - Winlogon Notify: ursss - C:\WINDOWS\system32\ursss.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\bnomnoxs.exe
Close all open windows except for HiJack This and click fix checked.
Still in HiJackThis:
- Click on the "Config..." button on the bottom right
- Click on the tab "Misc Tools"
- click on "delete an NT service"
- Copy and paste this in: DomainService
- Click "ok", then reboot
If you would please rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.
-
Hi, and welcome to BestTechie. I'm Ryan, and I'll be helping you with your issue.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt, an Uninstall List, and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
To obtain the uninstall list:
- Open HijackThis, click Config, click Misc Tools
- Click "Open Uninstall Manager"
- Click "Save List" (generates uninstall_list.txt)
-Ryan
-
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
-
All you need to do to uninstall the logmein software is either clear the O16 entry using HJT (if using Internet Explorer), or remove the plugin (if using Firefox).
Since the issues that you are experiencing don't appear to be due to malware, I recommend that you post about any remaining issues in the PC Support forum, where they can provide further assistance (and probably better than I could, since it's not malware).
-Ryan
-
You have to go to each computer to set it up the first time, but after that, it's just as simple as going to the site, selecting which computer you want to connect to, and connecting.
-Ryan
-
Logmein.com offers a few solutions. I use the free one to connect to a few computers.
If you were the one that installed the VNC software, then I wouldn't worry about it.
-Ryan
-
Did you fix the O23 HJT entry I said to?
Hijack This Log[INACTIVE]
in Malware Removal
Posted
Hi wolf44, welcome to BestTechie.
What problems are you having with your computer? The HJT log appears clean, so the next move depends on what is wrong.
-Ryan