Andro1d

Trusted Helpers
  • Content Count: 737

Posts posted by Andro1d

  1. Hello and Welcome to BT. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Please download this file - combofix.exe by sUBs

    • Save it to your Desktop
    • Please, never rename Combofix unless instructed.
    • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
    • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.
      "%userprofile%\desktop\ComboFix.exe" /KillAll

    • Click OK and this will start ComboFix in a special way.
    • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

    Note:

    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    * After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

    * Reconnect to the internet

    * Post the following logs/Reports:

    • ComboFix.txt
    • Fresh HijackThis log run after all the other tools have performed their cleanup.

  2. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.

  3. Nice job, your log looks clean!

    Please use the following suggestion to help prevent reinfection.

    Well from your logs, you are clear of malware. I would post in the PC support section if you are still having issues. Let them know that I have cleared you of malware as well.

    http://www.besttechie.net/forums/PC-Support-f3.html

    Also, you may delete any tools I had you download during the cleaning process.

    Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareBlaster - Great prevention tool to keep malware from installing on your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    **Tutorial on installing & using this product can be found HERE**

    IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    **Tutorial on installing & using this product can be found HERE**

    Antivirus Program - An Antivirus program is almost a necessity in today's digital world to stay protected. I notice that you don't have one installed! Therefore I recommend avast! 4 Home Edition, Anti-Vir, or PC Tools AntiVirus.

    Firewall - A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

    **Tutorial on Firewalls can be found HERE**

    It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these.

    Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

    And finally a little recommended "How did I get infected in the first place?" (by Tony Klein)

    Good luck and safe surfing :)

  4. Hello again,

    Let's run a software scan to make sure you are clean of malware. Then we will get back to the Java/ActiveX problem.

    Download and scan with SUPERAntiSpyware Free for Home Users

    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.

    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

  5. Hello again,

    Well at this point, your computer is fixed and free of malware only. I would now post in the hardware forum with your problem, and let them know I have cleaned you of malware. I will leave this topic open so you can post the final results as well.

    You can keep Ad-Aware if you wish, but I would recommend Online Armor out of the three firewalls. Also, I would highly recommend ATF Cleaner over disc clean up.

    If you have any more questions, feel free to ask.

  6. Nice job, your log looks clean!

    How is it running?

    Please use the following suggestion to help prevent reinfection.

    Also, you may delete any tools I had you download during the cleaning process.

    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

    Now we need to make a new System Restore Point for your PC, please do the following

    • Click Start, Settings, Control Panel
    • Double-click the System icon
    • Click the Performance tab, File System, Troubleshooting tab
    • Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
    • Then uncheck "Turn off System Restore" which will create a new System Restore point
    • Click OK

    I highly recommend downloading the following programs, to keep malware off your computer to begin with.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

    SpywareBlaster - Great prevention tool to keep malware from installing on your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    **Tutorial on installing & using this product can be found HERE**

    IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    **Tutorial on installing & using this product can be found HERE**

    ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

    Firewall - A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Online Armor, or Outpost.

    **Tutorial on Firewalls can be found HERE**

    Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    You must stay on top of your updates at all times, for the above mentioned applications.

    It is vitally important to stay on top of your critical updates provided by Microsoft.

    And finally a little "How did I get infected in the first place?" (by Tony Klein)

    Good luck and safe surfing :)

  7. Hello again,

    Please download Dial-a-fix from HERE and unzip it to your desktop.

    • Double click the Dial-a-fix.exe
    • Place a check next to ActiveX controls/codecs
    • Then hit GO
    • Once the program finishes you may exit out of it.

    Now try running Panda Scan or something that uses ActiveX and let me know if it works.

  8. Hello again,

    Let's try two more scans.

    Please go HERE to run Panda's TotalScan

    • Select the bubble for Full scan
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Then the scan will begin
    • When the scan completes, click the Save button on the right of Scan details
    • Save it to a convenient location. Post the contents of the TotalScan report

  9. Hello again,

    Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

    O15 - Trusted Zone: http://*.win2k8

    Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

    Other than that...

    Nice job, your log looks clean!

    How is it running?

    Please use the following suggestion to help prevent reinfection.

    Also, you may delete any tools I had you download during the cleaning process.

    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

    Now we need to make a new System Restore Point for your PC, please do the following

    • Click Start, Settings, Control Panel
    • Double-click the System icon
    • Click the Performance tab, File System, Troubleshooting tab
    • Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
    • Then uncheck "Turn off System Restore" which will create a new System Restore point
    • Click OK

    I highly recommend downloading the following programs, to keep malware off your computer to begin with.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

    SpywareBlaster - Great prevention tool to keep malware from installing on your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    **Tutorial on installing & using this product can be found HERE**

    IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    **Tutorial on installing & using this product can be found HERE**

    Firewall - A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Online Armor, or Outpost.

    **Tutorial on Firewalls can be found HERE**

    Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    You must stay on top of your updates at all times, for the above mentioned applications.

    It is vitally important to stay on top of your critical updates provided by Microsoft.

    And finally a little "How did I get infected in the first place?" (by Tony Klein)

    Good luck and safe surfing :)

  10. Hello again,

    Please post any logs or info I ask from you in a new reply to this topic.

    Step 1

    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

    Step 2

    Please download the OTMoveIt2 by OldTimer.

    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\WINDOWS\sysoghcx.exe
      C:\WINDOWS\sysokuaw.exe
      C:\WINDOWS\sysodkcs.exe
      C:\WINDOWS\sysockeu.exe
      C:\WINDOWS\ftebh.exe
      C:\WINDOWS\fbdzj.exe
      EmptyTemp


    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Step 3

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  11. Hello again,

    Step 1

    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

    Step 2

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  12. Hello again,

    My apologies, please do the following.

    Let's run an F-Secure online scan for Viruses, Spyware and RootKits:

    • Go to http://support.f-secure.com/enu/home/ols.shtml
    • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
    • Allow the Active X control to be installed on your computer, then click the Accept button
    • Click Full System Scan and allow the components to download and the scan to complete.
    • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
    • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
    • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

    If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

    • When the cleaning option is presented, Uncheck Submit samples to F-Secure
    • Click Automatic cleaning
    • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
    • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

    Notes:

    • This scan will only work with Internet Explorer
    • You must have administrator rights to run this scan
    • This scan can take several hours, so please be patient

  13. Hello again,

    Step 1

    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

    Step 2

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    Step 3

    Please do an online scan with Kaspersky WebScanner

    Click on Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT

    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

  14. Hello again,

    Step 1

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    Step 2

    1. Please open Notepad

    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::
    C:\WINDOWS\system32\awtrSjhf.dll
    C:\Documents and Settings\Alex Rojas\Application Data\inst.exe
    C:\WINDOWS\RtlRack.ini
    C:\WINDOWS\Brpfx04a.ini
    C:\WINDOWS\BRWMARK.INI
    C:\WINDOWS\brpcfx.ini
    C:\WINDOWS\BRPP2KA.INI
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\hgGaxYSL.dll
    C:\WINDOWS\system32\fccaxxuu.dll
    C:\WINDOWS\system32\rqRHbYrq.dll
    C:\WINDOWS\system32\tuvWonMe.dll
    C:\WINDOWS\system32\cwlikepy.dll
    C:\WINDOWS\system32\awtrSjhf.dll
    C:\WINDOWS\system32\mkyqvies.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50064432-0C5A-404C-934F-19370F3F8AF4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65193335-DC04-4110-94E7-228FAE5D5470}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93CB77C9-282D-4D4A-9BE5-83D62D6B8FFA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C69F5E00-7BF3-4565-B78C-6623F70DC1A8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E23136A1-1AC4-4D1B-926F-5D537CFFF359}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BMd35cca40"=-
    "d06ff9dc"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrSjhf]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}]

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    CFScript.gif

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

    • Combofix.txt
    • A new HijackThis log.

  15. Hello and Welcome to BT. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Sorry for the delay!

    Please visit this web page for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Once you have finished installing the Windows Recovery Console, please continue with the rest of the tutorial at the above link.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

  16. Hello and Welcome to BT. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Sorry for the delay!

    I am not seeing anything suspicious from your HJT log right now, so let's dig a little deeper.

    Please download Deckard's System Scanner (DSS) to your desktop.

    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
    • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
    • Please go to that folder and also copy the contents of Extra.txt to your post as well.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

  17. Hello and Welcome to BT. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Sorry for the delay!

    Click here to download HJTInstall.exe

    • Save HJTInstall.exe to your desktop.
    • Double click on the HJTInstall.exe icon on your desktop.
    • A window will pop up, and simply click Install.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • When it is completed installing HijackThis, it will automatically launch and you will be presented with the License Agreement. Click on the I Accept button.
    • Once the license agreement is gone, click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  18. Hello and Welcome to BT. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Sorry for the delay!

    Step 1

    Your log shows that you have run HijackThis without extracting it from the zip folder first or have it running from your desktop/temporary location. To ensure that backups made when items are fixed are secure, we need to get HijackThis set up properly. To do this please download the self-extracting version of HijackThis that will unzip the file for you and put a shortcut on your desktop. Please delete any copies of HijackThis.zip you have saved.

    Please download the self-extracting version of HijackThis from here:

    HijackThis Installer Download

    Save HJTInstall.exe to your desktop.

    Double-click the file then click the Install button.

    The file will be extracted to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    A shortcut for future use will also be created on your desktop and the Intro Frame of HijackThis will open.

    Click Do a system scan and save a log file. Copy the entire contents of that log and post it here by clicking the Add Reply button.

    Please use the shortcut to run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

    Step 2

    Please download Deckard's System Scanner (DSS) to your desktop.

    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
    • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
    • Please go to that folder and also copy the contents of Extra.txt to your post as well.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

  19. Hello again,

    Step 1

    Please download this file and save it as it's originally named, next to ComboFix.exe.

    rc1.gif

    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

    Step 2

    Jotti File Submission:

    Please go to Jotti's malware scan

    Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    D:\Program Files\ACAD2008.exe

    Click on the submit button

    Please post the results of the scan in your next reply.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

    Step 3

    1. Please open Notepad

    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::
    D:\WINDOWS\system32\RCXE3.tmp
    D:\WINDOWS\system32\RCXE2.tmp
    D:\WINDOWS\system32\RCXE1.tmp
    D:\WINDOWS\system32\RCXD0.tmp
    D:\WINDOWS\system32\RCXE4.tmp
    D:\WINDOWS\system32\xfcahhud.tmp
    D:\WINDOWS\system32\RCXCC.tmp
    D:\WINDOWS\system32\kdiehuyb.tmp
    D:\WINDOWS\system32\RCXCF.tmp
    D:\WINDOWS\system32\RCX3E9.tmp
    D:\Program Files\Internet_Download_Manager_5.11_Build_3-KeyGen.rar
    D:\Program Files\2007-07-16-Portable-Nod32.exe
    D:\Program Files\Avast.Pro.v4.7.1001.rar
    D:\Program Files\about.txt
    D:\Documents and Settings\All Users\Application Data\ypinfo.bin
    D:\WINDOWS\system32\gebcb.dll
    D:\Documents and Settings\????\Application Data\Microsoft\Windows\cqbvth.exe
    C:\Windows\xpupdate.exe

    Folder::
    D:\Program Files\temp01
    D:\Program Files\MyWebSearch

    RENV::
    ----a-w 15,360 2008-05-19 13:14:28 D:\WINDOWS\system32\ctfmon .exe
    ----a-w 159,232 2008-03-11 17:39:24 D:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
    ----a-w 185,896 2008-05-14 15:11:44 D:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w 81,920 2008-01-24 18:31:20 D:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
    ----a-w 621,568 2008-01-18 15:05:08 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-18 19:08:20 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-18 21:24:04 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-19 12:33:40 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-19 14:57:20 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 249,856 2008-01-19 14:57:32 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-21 13:13:18 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-21 23:31:48 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-22 11:19:24 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-22 17:01:50 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-22 23:43:46 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 621,568 2008-01-23 20:53:06 D:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    ----a-w 94,208 2008-01-29 18:14:52 D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 1,694,208 2008-01-16 12:20:12 D:\Program Files\Messenger\msmsgs .exe
    ----a-w 39,792 2008-02-14 14:11:54 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 129,536 2008-01-21 13:13:30 D:\Program Files\Yahoo!\browser\ybrwicon .exe
    ----a-w 509,224 2008-01-22 17:02:00 D:\Program Files\Yahoo!\YOP\yop .exe
    ----a-w 453,632 2008-04-11 00:10:52 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-13 17:05:46 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-15 02:27:52 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-28 20:44:02 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-29 08:32:26 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-29 20:37:34 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-25 01:42:08 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-25 22:48:56 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-26 12:05:34 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-26 18:31:14 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-27 02:08:22 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-28 01:25:16 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-28 12:05:48 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-30 00:06:42 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-03-30 23:52:20 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-01 12:07:20 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-01 12:59:48 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-02 13:40:06 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-03 12:02:26 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-03 15:58:18 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-03 20:23:08 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-03 23:31:42 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-04 12:08:34 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-07 13:32:04 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-08 12:08:42 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-08 13:33:56 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-08 23:18:36 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-09 12:20:32 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-10 17:46:24 D:\Program Files\QuickTime\qttask .exe
    ----a-w 453,632 2008-04-28 16:12:18 D:\Program Files\QuickTime\qttask .exe
    ----a-w 75,128 2008-01-29 18:14:46 D:\Program Files\Alwil Software\Avast4\ashDisp .exe
    ----a-w 132,496 2008-01-17 22:14:50 D:\Program Files\Java\jre1.6.0_03\bin\jusched .exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0190905-957F-4BDE-8415-514B6D84F9E6}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnonmj]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Search Bar"=""
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "SearchURL"=""
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    CFScript.gif

    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:

    • Combofix.txt
    • A new HijackThis log along with the Jotti results.
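
A pre-run review of a script in the layout shown in the post above, as an added example that is not part of the original post and is not ComboFix's own code: it splits the `File::`, `Folder::`, `RENV::` and `Registry::` sections and counts how often each RENV path is listed, so the script can be read before it is run. The RENV column layout and the .reg-style reading of `[-key]` are assumptions taken from the lines shown; `parse_cfscript`, `review` and `SAMPLE` are names made up for this example.

```python
import re
from collections import Counter

# Constructed sample: a shortened script built from the kinds of lines in the post.
SAMPLE = r"""File::
D:\WINDOWS\system32\RCXE3.tmp
Folder::
D:\Program Files\MyWebSearch
RENV::
----a-w 453,632 2008-04-11 00:10:52 D:\Program Files\QuickTime\qttask .exe
----a-w 453,632 2008-04-13 17:05:46 D:\Program Files\QuickTime\qttask .exe
----a-w 15,360 2008-05-19 13:14:28 D:\WINDOWS\system32\ctfmon .exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"SearchURL"=""
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")
# Assumed RENV layout, read off the post: attributes, size, date, time, path.
RENV_LINE = re.compile(r"^\S{7}\s+[\d,]+\s+\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(.+)$")

def parse_cfscript(text):
    """Split a script into {directive: [lines]}; reject content before a directive."""
    sections, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is None:
            raise ValueError(f"line {n}: content before any directive")
        elif line:
            current.append(line)
    return sections

def review(text):
    """Summarise what a script names so it can be read before it is run."""
    s = parse_cfscript(text)
    renv = Counter()
    for line in s.get("RENV", []):
        m = RENV_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised RENV line: {line!r}")
        renv[m.group(1)] += 1  # one path can be listed many times
    keys = [l for l in s.get("Registry", []) if l.startswith("[") and l.endswith("]")]
    return {
        "files": s.get("File", []),
        "folders": s.get("Folder", []),
        "renv": dict(renv),
        # A leading "-" marks a key for deletion in .reg syntax (assumed to apply here).
        "key_deletes": [k[2:-1] for k in keys if k.startswith("[-")],
        "key_edits": [k[1:-1] for k in keys if not k.startswith("[-")],
    }
```
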

  20. Hello and Welcome to BT. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Please visit this web page for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Once you have finished installing the Windows Recovery Console, please continue with the rest of the tutorial at the above link.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

  21. I would do what Besttechie said, and also a quick note.

    Unless you are comparatively knowledgeable about your version of Windows, you can certainly do more harm to your computer's functioning than any small improvements made by registry cleaners warrant.

    There are safer methods to employ to speed performance, and these usually produce noticeable results. See this link for a start.

    http://users.telenet.be/bluepatchy/miekiem...owcomputer.html