Andro1d

Trusted Helpers
  • Content Count

    737

Everything posted by Andro1d

  1. Hello and Welcome to the forums. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Looking at your system now, one or more of the identified infections is a backdoor application which can allow attackers to access your computer, stealing passwords and personal data. If this computer is ever used for on-line banking, I suggest you do the following immediately: 1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  2. For a free AV, I highly recommend avast! 4 Home Edition over the rest of the "free" competition. Especially with their new release of 4.8, many new great features were added; making this wonderful program even better!
  3. Most likely System Restore was originally turned off. Not too big of a problem
  4. Much better, some of the original log that you posted so I just wanted to make sure everything got moved to the right place. Other than that, nice job your log looks clean! Please use the following suggestions to help prevent reinfection. Make sure you have an Internet Connection. Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Click on the CleanUp! button A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Inte
  5. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  6. Hi, Please post the log from c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log) in your next reply.
  7. Hi Mamoun, My apologies on the AV, I must have accidentally forgot to edit my speech according to your PC. I have a lot of logs, and sometimes things like this slip through. You can keep both programs, Spy-Bot is a great real-time protection program, while MBAM is a great on demand scanner. If you have any more questions, feel free to ask.
  8. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  9. Hello again, Step 1 Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): [kill explorer] HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0519A9C9-064A-4cbc-BC47-D0EACD581477} HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{465A59EC-20E5-4fca-A38A-E5EC3C480218} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\C
  10. Hello again, First, please run ATF cleaner again with the same instructions as above. Then... Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present): C:\Documents and Settings\Jeff Ball\My Documents\LimeWire\Saved\ms tease.mpg Other than that, nice job your log looks clean! Please use the following suggestions to help prevent reinfection. Also, you may delete any tools I had you download during the cleaning process. Clearing and Creating a new Restore Point to remove infected files that have been backed up by Windows. The
  11. Hello again, Step 1 Please download SmitfraudFix (by S!Ri) to your Desktop. Next, please reboot your computer in Safe Mode by doing the following. Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, double-click on SmitfraudFix.exe Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You w
  12. Hey Charlie, Mhmm, let's try a different tool if you don't mind. NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender. Download FixIEDef.exe by ShadowPuterDude to the Desktop. Note: FixIEDef now supports Non-English Language Systems Double-click FixIEDef.exe: That will open the About FixIEDef screen. Click OK to continue: Next, press the Scan! button: FixIEDef needs to run as Administrator to perform correctl
  13. Hello again, Step 1 Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  14. Nice job your log looks clean! Please use the following suggestions to help prevent reinfection. Also, you may delete any tools I had you download during the cleaning process. The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available. Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your syst
  15. Hello again, Please download RogueRemover by RubberDucky here. Double-click rr-free-setup.exe to begin installing the program. Follow the setup instructions for installation. Double-click the RogueRemover icon on your desktop. Once the program runs, select Check for Updates. When prompted, select Check for Updates. If prompted again, click Download to receive the latest updates. When completed, close the update window. Next, click Scan If it detects anything, select to remove all objects found. Close RogueRemover
  16. Hello again, 1. Please open Notepad Click Start, then Run Type notepad.exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: File:: C:\WINDOWS\bcmwltrytmp.reg C:\WINDOWS\system32\sysrest32.exe Folder:: C:\Program Files\BrowsingTool Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lphcvqej0egaj"=- "sysrest32.exe"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}] 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt
  17. Hello again, First, Trend-Micro isn't a very good AV program in my opinion. I have previously used it, and wasn't impressed at all with it in general. Missed a lot of malware on my pc, slow updates, etc. Now to answer your questions, ComboFix uses many advanced procedures that are used to stop system processes and do other important activities. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
  18. Hello again, Step 1 Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  19. Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Step 1 Jotti File Submission: Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan" box on the top of the page: C:\WINDOWS\system32\lphcvqej0egaj.exe Click on the submit button Please post the results of the scan in your next reply. If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/ Step 2 Please visit this web page for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofi
  20. Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Please visit this web page for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recove
  21. Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Sorry for the delay! Please download Deckard's System Scanner (DSS) to your desktop. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, a text file will open - Main.txt Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt into your thread. An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner. Please go to that folder and also copy th
  22. Hello again, Step 1 Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Double-click the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to
  23. Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Click here to download HJTInstall.exe Save HJTInstall.exe to your desktop. Double click on the HJTInstall.exe icon on your desktop. A window will pop up, and simply click Install. By default it will install to C:\Program Files\Trend Micro\HijackThis. When it is completed installing HijackThis, it will automatically launch and you will be presented with the License Agreement. Click on the I Accept button. Once the license agreement is gone, click on the Do a system scan and save a logf