Posts posted by rmurphy
-
-
nevermind, i see it now
-
Does notepad open? If not, there should be a service.txt file on your desktop. Please open that file and post the contents of it here.
-Ryan
-
Start > Run: notepad press enter
-
Paste everything that was in the code box into Notepad. Save the file to your desktop as "delVNC.bat" (the quotes are required).
Now on your desktop, there will be a delVNC.bat icon - it will have a gear on the icon. Double click this icon. A black window will open, and then notepad will open a file named service.txt
Service.txt will have some text in it. Copy and paste that text into a forum post.
-Ryan
-
Paste the following into notepad:
sc stop winvnc >> service.txt
sc delete winvnc >> service.txt
sc stop "VNC Server" >> service.txt
sc delete "VNC Server" >> service.txt
notepad service.txt
Save the file as "delVNC.bat" (include the quotes) to your desktop. Double click the file to run, a black window will flash and then notepad will open with some text inside of it; please post the text that it contains.
-Ryan
-
Start > Run: Paste sc stop winvnc and press enter. Then paste sc delete winvnc and press enter.
-Ryan
-
reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Then try to delete the folder/files.
-Ryan
-
You can fix these items, they are clutter and don't need to be fixed.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
Other than that, the log is fine.
-Ryan
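
An added example, not part of Ryan's post or of HijackThis itself: a small Python triage over HijackThis-style log lines that applies the judgement in the post above (R0/F3 entries with an empty or about:blank value are clutter) and also flags O23 service entries marked "(file missing)". The regular expressions and verdict names are assumptions of this example, based only on the line shapes quoted on this page; the R1 line is constructed.

```python
import re

# Sample input: the five entries quoted in the post above, the O23 line quoted
# in a later post on this page, and one constructed R1 line with a real value.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/?q=
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def classify(code, body):
    """Return (verdict, detail) for one entry; rules are this example's assumptions."""
    if code[0] in "RF":
        # Registry / ini entries: an empty value or about:blank points nowhere.
        _key, sep, value = body.partition("=")
        if sep and value.strip() in ("", "about:blank"):
            return "clutter", value.strip()
        return "review", value.strip()
    if code == "O23":
        m = SERVICE_RE.match(body)
        if m and m.group("missing"):
            # Service registration whose binary is gone: report its short name.
            return "orphaned-service", m.group("name")
        return "review", m.group("name") if m else body
    return "review", body

def triage(log_text):
    """Parse a log and return [(code, verdict, detail), ...] in input order."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            code, body = m.groups()
            results.append((code,) + classify(code, body))
    return results

if __name__ == "__main__":
    for code, verdict, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{verdict:<18}{detail}")
```

The short name reported for an orphaned service (winvnc here) is the name the sc stop and sc delete commands elsewhere on this page take.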
-
Just do the following:
go to start > Run: paste del "C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe" and hit enter. Then paste: rmdir "C:\Program Files\Mozilla Firefox\SmitfraudFix\" /S /Q and hit enter.
-Ryan
-
You just delete them like any other file/folder.
-Ryan
-
The only thing that the Kaspersky scan found were risk tools - that is, tools that can be used for both good and bad. In this case, it was a tool included in the SmitFraudFix program that is used to reboot your computer.
If you want to, you can remove the following file and folder.
C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\
-Ryan
-
Congratulations, your log is clean
For information on how to protect yourself in the future, read Infection Prevention
Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.
-Ryan
-
Based on the uninstall list, here are 3 potential programs to uninstall.
Azureus Vuze
LimeWire PRO 4.12.3
- P2P file sharing programs like the above have their legitimate uses, but can also be used to download copyrighted material, and increase the risk of infecting your computer.
TightVNC 1.3.9
- Allows remote users to connect to the computer. If you or someone else that uses this computer did not install it, please uninstall it and let me know.
Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan:
  - Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
-Ryan
-
Hi coriell. I'm Ryan and I'll be helping you clean your computer.
You will want to print out these instructions, or save them to notepad so that you can refer to them later.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Close all Internet Explorer, Firefox, and Opera windows before continuing.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan:
  - Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
I would like to see an Uninstall list.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
-Ryan
-
Happy birthday Jeff!!!
-
Welcome to BestTechie. Sorry about the delay in getting to your thread.
If you still require assistance, please post a new hijack this log and an uninstall list. If you have resolved this issue, please let me know so that I may close this topic.
To get the uninstall list, do the following:
- Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
-Ryan
-
Please go to http://www.uploadmalware.com/ and submit the following file: C:\Windows\System32\immsg32.exe
I would like to see an Uninstall list.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
-Ryan
-
Hi. I'm Ryan, and I'll be helping you clean your computer.
Please download FixWareout from here:
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads notepad will open report.txt; save this file to your desktop so you can find it later. Then do the following:
Before doing this, write down all the settings. Note that not all systems/setups even have these settings, while some connection services will require them.
These instructions are basically for home users.
In the Windows Control Panel, if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double click on Network Connections. Then right click on your default connection, usually Local Area Connection for cable and DSL, and left click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next, go to Start > Run, type ipconfig /flushdns and hit OK. A black window will open, and then immediately close. That is normal.
Next, please post the report.txt that you saved earlier and a new Hijackthis log.
-Ryan
-
Inactive topic...
If you still need help on this problem, contact me or one of the Moderators to re-open this up.
Topic closed.
-
Please go to UploadMalware to upload a suspicious file for analysis.
- Enter your username from this forum
- Copy and paste the link to this thread
- In the first submission box paste this filename: C:\Program Files\Outlook Express\lawunedis.dll
- In the second submission box paste this filename: C:\Program Files\MSN\holetuc.dll
- In the comments, please mention that I asked you to upload this file
- Click on Send File
Once the files have been submitted, please do the following:
- I did not see any antivirus program running. It is critical that you install one. Here are two very good and reliable ones that are free for personal use:
  - AVG Anti-Virus
  - Avast Home Edition
- Download ComboFix from Here or Here to your Desktop.
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
-Ryan
-
== Remove Programs ==
Please go to Add/Remove Programs in the Control Panel, and remove the following programs
- Internet Explorer Default Page
- J2SE Runtime Environment 5.0 Update 6
- Java 2 Runtime Environment, SE v1.4.2_03
- LimeWire 4.12.11
- Outerinfo
Reboot your computer.
== Install Latest Java ==
Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.
Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.
Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.
Once it has finished downloading, double click it, and follow the prompts to install.
If it asks to reboot, select No.
== Alcan ==
Please download Brute Force Uninstaller to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
Then, please go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by doubleclicking BFU.exe
- Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
- Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
Reboot into normal windows and post a new HiJackThis log.
-Ryan
-
Hi, and welcome to Besttechie! I'm Ryan, and I'll be helping you clean your computer.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt, an uninstall list (instructions below), and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
- To get an Uninstall list.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
-Ryan
-
You can try that. There isn't any more malware on your computer.
For information on how to protect yourself in the future, read Infection Prevention
Unless you have any more questions about malware, I'd suggest going to the Windows forum for additional help on this problem. Make sure to tell them that you are clean of malware, as their first suggestion might be to have your computer checked.
-Ryan
-
Everything seems to be ok from the logs. How is the computer running?
-Ryan
Hjt Log Please Look Thank You![RESOLVED]
in Malware Removal
Posted
Fix this entry in HJT: O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
Then do the following:
Delete an NT Service