romeo

Members
  • Content Count: 7
  • Rank: Member
  1. Can't thank you enough for walking us through all this! We were starting to wonder if the next step would be to wipe the hard drive completely. We run PC-cillin and Ad-aware on a very regular basis (several times a week), so we are a bit perplexed as to how this got on here in the first place. I visited the site you recommended on "How did I get infected in the first place," but was wondering if you have any more specific thoughts based on your experience with whatever we just got rid of? A lot of those recommendations are things we already do. Thank you!!
  2. We hope it's the last time, too! Found both the exe files you listed, as well as the 2 files with bracketed names. Also found (and deleted) three other bracketed files. Below are the results of the FixWareOut and HiJackThis reports:
  3. Glad you think we are making progress! Hope this will be resolved soon, we really appreciate your help and patience! I'd like to let you know that the link you provided for Killbox is not available to non-registered users. However, I was able to find a current and a beta version (for free) available through killbox.net. I used the current version to complete your steps. During that process, I was able to locate 9 of the 13 files and deleted them. The three files starting with bracketed numbers/letters, as well as the xputt.exe file, were not found. After a restart, we ran HiJackThis aga
  4. Thanks for investigating the newer version of the Fix Wareout program. We edited the service files and continued with the HJT instructions, but did not find the xputt.exe file listed. I went into the system 32 file and deleted 10 out of 16 of the files you listed. There were 2 files left afterward that you did not mention, they were {0F7A4563-5753-4093-B22C-3B1882069AD8} and {8F75451D-5608-43D8-98A9-617A809271B1}. Thanks for the continued effort with this.
  5. Thanks for bearing with us, here are the results of our latest efforts... Ran another Fixwareout and HijackThis scan. Of the two new things you told me to check on the HijackThis checklist, the sysmon12 file was present, but the peqdj file was not. Also, I wasn't sure if I needed to re-check for any of the files that I originally "fixed" after your previous posting, so I looked for all of them, too. All 8 of the O17 server addresses on your original list of items to "fix" were present, as well as the O23 service. I selected all of those to be "fixed", too. After I ran the system scan,
  6. Sorry for the delay, thanks for your guidance. I had run FixWareout before completing the HijackThis log created at 10:43 pm on 7/7/06. Apparently, the Fixwareout did not fix the problem, so tonight I rebooted into safe mode and ran FixWareout again after reviewing your response. After I did my system scan, all the files you told me to check off the list were there EXCEPT the zlybe.exe file. Following is the report generated by the new HijackThis scan.
  7. New User -- never used HijackThis, but am infected with an unidentifiable virus. Have run Trend Micro PC-cillin (both online and personal computer version) and AdAware SE with no results. This is my HijackThis log, any comments and suggestions are appreciated.

     Logfile of HijackThis v1.99.1
     Scan saved at 10:43:37 PM, on 7/7/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe