tj416

Everything posted by tj416

  1. Hi DocAlucard, Thanks for submitting the files! Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Put a check next to Run VundoFix as a task. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK When VundoFix re-opens, click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your comput
  2. Hi DocAlucard, CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES Please go here: The Spy Killer Forum Click on "New Topic" Put your name, e-mail address, and this as the title: "Trojan-Downloader.Win32.Delf.pa files" Put a link to this topic in the description box. Then next to the file box, at the bottom, click the browse button, then navigate to this file: C:\WINNT\g11046554.dll Click Open. Repeat the above two steps for these files too: C:\WINNT\SYSTEM32\pmnmnno.dll C:\WINNT\SYSTEM32\windpk32.dll C:\WINNT\system32\admparsek.dll C:\WINNT\system32\compstuic.dll Click Post. T
  3. Hi lolocaust, Sorry for the delayed reply, I seemed to have missed this topic. Please post a fresh HijackThis log and I will have a look at it ASAP.
  4. Thanks everybody!! I had a great day
  5. Hi lolocaust, I'd like to see a fresh HijackThis log because a lot could have changed since my last post. Legacy 6.0 looks OK to me. Is there any particular reason that you think it is dangerous?
  6. Hi lolocaust, CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES Please go here: The Spy Killer Forum Click on "New Topic" Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\rcnoke\csrss.exe" Put a link to this Besttechie topic in the description box. Then next to the file box, at the bottom, click the browse button, then navigate to this file: C:\WINDOWS\system32\rcnoke\csrss.exe (If you can't find the file, skip this step and proceed to the next step) Click Open. Click Post. Then, download and run CWShredder: Download CWShredder. Save CWShredder.exe to a
  7. Hi lolocaust, Please post a fresh HijackThis log.
  8. Hi lolocaust, Let us try this again.... Please download MsnVirRem (Either zip or self extracting .exe), and save it to your desktop. Once in place, right click the zip file (or double click the exe), and extract the files to your desktop. It will create another folder called MsnVirRem DO NOT RUN ANYTHING IN IT YET Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. In the new MsnVirRem folder, that you should have on your desktop, doub
  9. Hi lolocaust, Post a HijackThis log.
  10. Hi lolocaust, Please download MsnVirRem (Either zip or self extracting .exe), and save it to your desktop. Once in place, right click the zip file (or double click the exe), and extract the files to your desktop. It will create another folder called MsnVirRem DO NOT RUN ANYTHING IN IT YET Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. In the new MsnVirRem folder, that you should have on your desktop, double click MsnVir.bat and le
  11. Hi lolocaust, Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Put a check next to Run VundoFix as a task. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK When VundoFix re-opens, click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer b
  12. Hi ampshock, Don't forget to re-hide all files and folders. To re-hide all files and folders: Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading deselect "Show hidden files and folders". Check the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. To prevent re-infection in the future: I suggest you download Spyware Blaster to prevent the installation of Spyware in the first place. IE-Spyad puts over 5000 sites in your restricted zone so you'll be protected when you visit in
  13. Hi ampshock, Your log looks clean. How is everything running?
  14. Hi ampshock, You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Go to Add/Remove Programs and uninstall (if present): winsupdater winupdates ISTsvc DNS Then, open HijackThis, run a scan and check these items: O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll O4 - HKLM\..\Run: [] winlog.exe O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupda
  15. Hi ampshock, Since HijackThis does not scan the entire system and only certain areas are scanned to help diagnose the presence of undetected malware in some of the telltale places it hides, it is extremely important that you run a full system scan tool like an online virus scan, Ad-aware SE and Spybot S&D. I would like to START with those steps and finish the cleanup of strays or undetected items with HJT. I have provided instructions on how to run scans with an Online virus scanner, Ad-aware SE and Spybot S&D in this post. 1) Run one of these Online virus scanners: Housecall Panda RAV
  16. Hi Wargod18, BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference. First, download Ewido Security Suite. Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well. Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something
  17. Hi IAMTHEONE, You need to disable Microsoft Anti-Spyware because it may interfere while fixing items with HJT. Then, open HijackThis, run a scan and check these items: O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE If you haven't used Spybot S&D or another protection program to set these restrictions, or if your system administrator hasn't set these, check these entries too: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Now please close all windows and browsers, except HijackThis, and hav
  18. I'm sorry for my late reply. Could you please post a new HJT log?
  19. Hi IAMTHEONE, Please paste your entire log. TJ
  20. Happy Birthday, Crow!! TJ
  21. tj416

    Hjt Log

    You're Welcome! I am moving this to the HijackThis Logs (Resolved) section.
  22. tj416

    Hjt Log

    Your log is clean. Good Work! To prevent re-infection in the future: 1. I suggest you download Spyware Blaster to prevent the installation of Spyware in the first place. 2. IE-Spyad puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all and I suggest you download it. 3. I noticed that you do not have a firewall and that makes you vulnerable to Hackers. I recommend you use Zone Alarm or Kerio Firewall. 4. I recommend that you read a thread titled So how do I get infected in the first place? by Tony Klien which
  23. tj416

    Hjt Log

    Hi bluzdude, Open Hijack This!, run a scan and check these items: O1 - Hosts: 69.20.16.183 search.netscape.com O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 auto.search.msn.com O1 - Hosts: 69.20.16.183 ieautosearch If you don't use Poker sites, check these items. O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute