Posts posted by rmurphy
-
Delete the following items:
C:\download\ <-- This folder
I:\Pkware\PK263WSP.exe <-- This file
D:\Pkware\PK263WSP.exe <-- This file
Next, let's make a new restore point and get rid of the others.
- Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.
Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Then run the Kaspersky scan again, and post the results and a new HiJack This log.
-Ryan
-
== Remove Programs==
Please go to Add/Remove Programs in the Control Panel, and remove the following programs
- Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_04
(Also feel free to uninstall any programs that you don't recognize or no longer use)
Reboot your computer.
== Install Latest Java ==
Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.
Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.
Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.
Once it has finished downloading, double click it, and follow the prompts to install.
If it asks to reboot, select yes.
== Kaspersky Online Scan ==
Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan:
  - Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
-Ryan
-
Hi Aces&Eights, and welcome to BestTechie. I'm Ryan, and I'll be helping you with your computer.
You will want to print out a copy of these instructions to follow while you complete this procedure, as you will not be able to access the internet later in the fix.
Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
If you did not add the entries below to your hosts file, please remove them
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
Close all open windows except for HiJack This and click fix checked.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Close all Internet Explorer, Firefox, and Opera windows before continuing.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Next, download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
- Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
- If you have any infections you will be prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
- Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan, a new HiJack This log, and an Uninstall list (directions below).
Uninstall list.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
-Ryan
-
Please delete the following items:
C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe
C:\2-22-02 and backup_12_13_03\moms backup 2_22_02\Desktop\eDonkey61.exe
Other than that, your log is clean.
For information on how to protect yourself in the future, read Infection Prevention
Because your issue does not appear to be malware related, I recommend posting in the PC Support forum.
-Ryan
-
Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan:
  - Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
-
Hi, and welcome to besttechie. I'm Ryan, and I'll be helping you.
I would like to see an Uninstall list.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
-Ryan
-
Congratulations, your log is CLEAN
We have a couple of last steps to perform and then you're all set.
First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
- CHECK the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
Next, let's set a new restore point, and clear the old ones:
- Step #1 - Create a New Restore Point
Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Step #2 - Flush All Previous Points
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
- SpywareBlaster to help prevent spyware from installing in the first place.
- SpywareGuard to catch and block spyware before it can execute.
- IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit Microsoft Windows Update monthly.
And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.
To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.
-Ryan
-
1. Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)
O2 - BHO: (no name) - {2C4F57F2-7633-42E3-8D33-529F0491ABFC} - C:\WINDOWS\system32\fccaw.dll (file missing)
O20 - Winlogon Notify: fccaw - C:\WINDOWS\system32\fccaw.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: winpcn32 - winpcn32.dll (file missing)
Close all open windows except for HiJack This and click fix checked.
Reboot your computer.
2. Please go HERE to run Panda's ActiveScan. You will need to use Internet Explorer to run it.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
If you would please rescan with HijackThis and post a fresh log, along with the results from the Panda ActiveScan in this same topic, and let us know how your system's working.
-Ryan
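A small triage script for the kind of HijackThis lines quoted in these posts, as an added example that is not part of the original posts or of HijackThis itself: it separates O1 hosts entries (reporting whether each one points at a loopback address) from items marked "(file missing)". The sample log reuses lines from this page plus one constructed O4 line, and the function names are this example's own.

```python
import ipaddress
import re

# Lines taken from the posts on this page, plus one constructed O4 line
# (ExampleApp) so the "other" bucket is exercised.
SAMPLE_LOG = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O2 - BHO: (no name) - {2C4F57F2-7633-42E3-8D33-529F0491ABFC} - C:\WINDOWS\system32\fccaw.dll (file missing)
O20 - Winlogon Notify: fccaw - C:\WINDOWS\system32\fccaw.dll (file missing)
O20 - Winlogon Notify: winpcn32 - winpcn32.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # e.g. "O20 - <body>"
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")    # "Hosts: <ip> <name>"
MISSING = "(file missing)"


def parse(log_text):
    """Return (section_code, body) for every line shaped like 'O2 - ...'."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Sort entries into hosts overrides, dangling references, and the rest."""
    report = {"hosts": [], "file_missing": [], "other": []}
    for code, body in entries:
        hosts = HOSTS_RE.match(body) if code == "O1" else None
        if hosts:
            ip, name = hosts.groups()
            try:
                # Loopback means the name is blocked locally; any other
                # address means lookups for it are sent somewhere else.
                loopback = ipaddress.ip_address(ip).is_loopback
            except ValueError:
                loopback = False
            report["hosts"].append({"name": name, "ip": ip, "loopback": loopback})
        elif body.endswith(MISSING):
            # The registry entry survives but the file it loads is gone.
            target = body[: -len(MISSING)].rstrip().rsplit(" - ", 1)[-1]
            report["file_missing"].append({"code": code, "target": target})
        else:
            report["other"].append((code, body))
    return report


if __name__ == "__main__":
    result = triage(parse(SAMPLE_LOG))
    for h in result["hosts"]:
        kind = "blocked locally" if h["loopback"] else "redirected"
        print(f"hosts: {h['name']} -> {h['ip']} ({kind}); confirm the user added it")
    for m in result["file_missing"]:
        print(f"{m['code']}: dangling reference to {m['target']}")
```
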
-
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
-Ryan
-
OK, it looks like it took care of the MSN issue, but there are still a few things left to do.
You will want to print out a copy of these instructions to follow while you complete this procedure.
1. Please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
2. Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Please post the contents of the SmitFraudFix report, the results of vundoFix (found at C:\vundofix.txt) and a new HiJackThis log.
-Ryan
-
Hi tippoff, welcome to Besttechie! I'm Ryan, and I'll be helping you clean your computer.
You will want to print out a copy of these instructions to follow while you complete this procedure.
1. Please download hosts.zip
- Extract the contents of hosts.zip by doing the following
- Right-click on hosts.zip and select Extract All. The Extraction Wizard will open.
- Click Next, followed by Next again.
- When it has finished extracting (should take one or two seconds), click on Finish.
A folder with the extracted items will open.
- Double-click on mvps.bat to run it. A black box will suddenly open and close; this is normal.
- If any windows open alerting you of a change in your hosts file, please allow them; this is expected.
Note: If you have added any custom entries to your HOSTS file, you will need to add them again.
2. Please Download MsnVirRem.exe to your desktop from one of the following mirrors.
- First close any other programs you have running as this will require a reboot
- Double click MsnVirRem.exe to run it
- Once open, click the button labelled "Search and Destroy"
<<Your computer will now be scanned for Infected Files>>
- When scanning is finished you will be prompted to reboot only if infected, Click OK
- Now click the "REBOOT" Button.
- After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
- A Message should popup from MsnVirRem if not, double click the program again and it will finish
3. Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
In your next reply, please post the SmitFraudFix report, the report from MsnVirRem (found at C:\msnvirrem.log), and a new HiJackThis log.
-Ryan
-
Sorry for the delay.
Download and install Tune Up 2006 Trial
Click on Clean up & Repair. Run TuneUp DiskCleaner. Delete all junk files. Afterwards, return to the Main Screen.
Click on Clean up & Repair. Run TuneUp RegistryCleaner. Fix all errors. Afterwards, return to the Main Screen.
Click on Optimize & Improve. Run TuneUp RegistryDefrag, which will take a few minutes and need a reboot.
After the reboot, start Tune Up again. Click on Optimize & Improve then click on TuneUp System Optimizer. Now click on Accelerate downloads and Internet surfing to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.
After the reboot, start Tune Up again. Click on Optimize & Improve then click on TuneUp System Optimizer. In the menu to the left called "Wizards", choose System Advisor. Note some of the advice it tells you.
-Ryan
-
The things that the Panda scan found (except for the cookie) were part of the SmitFraudFix. It was picked up because it uses the same compression package as some spyware uses.
You will want to print out a copy of these instructions to follow while you complete this procedure, as you will not be able to access the internet later in the fix.
I noticed you have Party Poker and UltimateBet installed. Poker games and the sites related are a risk and that's where most malware gets installed. Also, in a lot of cases these Poker 'plugins' are also getting installed without you asking for it. If you don't use it, I recommend that you remove it.
Go to Start > Control Panel
In Add/Remove Programs, remove Party Poker if you don't use it. If it asks if you want to reboot your computer, select NO. Do the same for UltimateBet.
Close Add/Remove Programs.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Open HiJack This and scan. When it finishes, put an X in the boxes, only next to these following items
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe <= If you decide to remove UltimateBet
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe <= If you decide to remove UltimateBet
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll <= If you decide to remove Party Poker
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll <= If you decide to remove Party Poker
Close all open windows except for HiJack This and click fix checked.
Delete the following folder C:\Program Files\UltimateBet\
Reboot your PC.
Can you please go to C:\Program Files\Alwil Software\Avast4\ and tell me if the ashMaiSv.exe file is there?
There really isn't much else that can be removed from HiJack This. There are some optional removals that could speed up your computer when it first loads up; let me know if you would like to remove those and I'll tell you what to do.
-Ryan
-
We can definitely help you, but first you need to apply Windows XP Service Pack 1a. Without this update, you're wide open to re-infection, which defeats the purpose of getting you clean. So download the Service Pack from the link below, so we don't waste time getting you clean just to become re-infected. Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
-
Hi seksuell, welcome to BestTechie.
I am currently reviewing your log, and will reply momentarily.
-Ryan
Ie6 And At&t Yahoo Browser V7 Loading Very Slow[RESOLVED]
in Malware Removal
Posted
OK, let's try System Restore method 2:
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.
If you were able to reset it, please post a new KAV scan.
Part of the reason that I use ATF Cleaner is that when things don't work, I can get in touch with the creator. I also think it's a great product. He took a quick look at this thread, and just has one question at the moment: what directory do you have Firefox installed in?