rmurphy

Posts posted by rmurphy

  1. Fix this entry in HJT: O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

    Then do the following:

    Delete an NT Service

    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Click on "delete an NT service"
    • Copy and paste this in: winvnc
    • Click "ok", then reboot

  2. Paste everything that was in the code box into Notepad. Save the file to your desktop as "delVNC.bat" (the quotes are required).

    Now on your desktop, there will be a delVNC.bat icon - it will have a gear on the icon. Double click this icon. A black window will open, and then notepad will open a file named service.txt

    Service.txt will have some text in it. Copy and paste that text into a forum post.

    -Ryan

  3. Paste the following into notepad:

    sc stop winvnc >> service.txt
    sc delete winvnc >> service.txt
    sc stop "VNC Server" >> service.txt
    sc delete "VNC Server" >> service.txt
    notepad service.txt

    Save the file as "delVNC.bat" (include the quotes) to your desktop. Double click the file to run, a black window will flash and then notepad will open with some text inside of it; please post the text that it contains.

    -Ryan

  4. You can fix these items, they are clutter and don't need to be fixed.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    F3 - REG:win.ini: load=

    F3 - REG:win.ini: run=

    Other than that, the log is fine.

    -Ryan
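Added example (not part of the original posts and not HijackThis's own code): a small Python parser for the HijackThis log lines quoted in these posts. It picks out O23 services whose file is reported missing (the names one would pass to `sc delete`) and the empty R0/F3 entries. The line layout is inferred from the quoted entries only; the second O23 line and all function names are constructed for illustration.

```python
import re

# Layout assumed from the O23 entry quoted in the posts:
#   O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
                    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# R0 lines: <registry key>,<value name> = <data>; data may be empty.
R0_RE = re.compile(r"^R0 - (?P<key>[^,]+),(?P<value>[^=]+?) =\s*(?P<data>.*)$")
# F3 lines: REG:win.ini: load= or run=, followed by an optional command.
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<value>load|run)=(?P<data>.*)$")


def parse_log(text):
    """Return one dict per recognised O23/R0/F3 line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in (("O23", O23_RE), ("R0", R0_RE), ("F3", F3_RE)):
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, **m.groupdict()})
                break
    return entries


def orphaned_services(entries):
    """Service names whose file HijackThis reported as missing."""
    return [e["name"] for e in entries if e["kind"] == "O23" and e["missing"]]


def empty_entries(entries):
    """R0/F3 lines with no data or about:blank, the kind the post lists as clutter."""
    return [e for e in entries
            if e["kind"] in ("R0", "F3") and e["data"].strip() in ("", "about:blank")]


# Constructed sample: lines quoted in the posts plus one made-up healthy service.
SAMPLE_LOG = r"""
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\upd.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
"""

if __name__ == "__main__":
    print("orphaned services:", orphaned_services(parse_log(SAMPLE_LOG)))
```
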

  5. The only things that the Kaspersky scan found were risk tools - that is, tools that can be used for both good and bad. In this case, it was a tool included in the SmitFraudFix program that is used to reboot your computer.

    If you want to, you can remove the following file and folder.

    C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe

    C:\Program Files\Mozilla Firefox\SmitfraudFix\

    -Ryan

  6. Based on the uninstall list, here are 3 potential programs to uninstall.

    Azureus Vuze

    LimeWire PRO 4.12.3

    • P2P file sharing programs like the above have their legitimate uses, but can also be used to download copyrighted material, and increase the risk of infecting your computer.

    TightVNC 1.3.9

    • Allows remote users to connect to the computer. If you or someone else that uses this computer did not install it, please uninstall it and let me know.

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    -Ryan

  7. Hi coriell. I'm Ryan and I'll be helping you clean your computer.

    You will want to print out these instructions, or save them to notepad so that you can refer to them later.

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    I would like to see an Uninstall list.

    Open HijackThis, click Config, click Misc Tools

    Click "Open Uninstall Manager"

    Click "Save List" (generates uninstall_list.txt)

    -Ryan

  8. Welcome to BestTechie. Sorry about the delay in getting to your thread.

    If you still require assistance, please post a new hijack this log and an uninstall list. If you have resolved this issue, please let me know so that I may close this topic.

    To get the uninstall list, do the following:

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan

  9. Hi. I'm Ryan, and I'll be helping you clean your computer.

    Please download FixWareout from here:

    http://downloads.subratam.org/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Once the desktop loads notepad will open report.txt; save this file to your desktop so you can find it later. Then do the following:

    Before doing this, write down all the settings. Note that not all system/setups even have these settings, while some connection services will require them.

    These instructions are basically for home users.

    In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category, otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.

    Press OK twice to get out of the properties screen and reboot if it asks.

    That option might not be available on some systems.

    Next, go to Start > Run, type ipconfig /flushdns and hit OK. A black window will open, and then immediately close. That is normal.

    Next, please post the report.txt that you saved earlier and a new Hijackthis log.

    -Ryan

  10. Please go to UploadMalware to upload a suspicious file for analysis.

    • Enter your username from this forum
    • Copy and paste the link to this thread
    • In the first submission box paste this filename: C:\Program Files\Outlook Express\lawunedis.dll
    • In the second submission box paste this filename: C:\Program Files\MSN\holetuc.dll
    • In the comments, please mention that I asked you to upload this file
    • Click on Send File

    Once the files have been submitted, please do the following:

    1. I did not see any antivirus program running. It is critical that you install one. Here are two very good and reliable ones that are free for personal use:
      • AVG Anti-Virus
      • Avast Home Edition
    2. Download ComboFix from Here or Here to your Desktop.
      • Double click combofix.exe and follow the prompts.
      • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

    -Ryan

  11. == Remove Programs ==

    Please go to Add/Remove Programs in the Control Panel, and remove the following programs

    • Internet Explorer Default Page
    • J2SE Runtime Environment 5.0 Update 6
    • Java 2 Runtime Environment, SE v1.4.2_03
    • LimeWire 4.12.11
    • Outerinfo

    Reboot your computer.

    == Install Latest Java ==

    Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

    Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

    Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

    Once it has finished downloading, double click it, and follow the prompts to install.

    If it asks to reboot, select No.

    == Alcan ==

    Please download Brute Force Uninstaller to your desktop.

    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.

    Save it in the same folder you made earlier (c:\BFU).

    Do not do anything with these yet!

    Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

    Then, please go to Start > My Computer and navigate to the C:\BFU folder.

    • Start the Brute Force Uninstaller by doubleclicking BFU.exe
    • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
    • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.

    Reboot into normal windows and post a new HiJackThis log.

    -Ryan

  12. Hi, and welcome to Besttechie! I'm Ryan, and I'll be helping you clean your computer.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt, an uninstall list (instructions below), and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.

    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    • To get an Uninstall list.
      Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan

  13. You can try that. There isn't any more malware on your computer.

    For information on how to protect yourself in the future, read Infection Prevention

    Unless you have any more questions about malware, I'd suggest going to the Windows forum for additional help on this problem. Make sure to tell them that you are clean of malware, as their first suggestion might be to have your computer checked.

    -Ryan