tj416

Posts posted by tj416

  1. Hi bluzdude,

    It also looks like you've got a Winsock hijacker. To remove this, you need to download and run LSP-fix:

    1. Check "I know what I'm doing".

    2. Select all instances of dolsp.dll and aklsp.dll.

    3. Move these instances to the remove pane.

    4. Click Finished.

    5. Restart your computer.

    6. After restarting, delete c:\windows\system32\dolsp.dll and c:\windows\system32\aklsp.dll.

    Then, download the latest version of Hijack This from http://www.merijn.org/files/hijackthis.zip and post a new log.
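
Added example, not part of tj416's post: a Python check that lists the Winsock catalog entries pointing at the two DLLs named in the post above, which are the entries the post asks to be moved to the remove pane in LSP-fix. It assumes the catalog was dumped with `netsh winsock show catalog`; the sample text and the names `parse_catalog` and `find_hijackers` are constructed for illustration.

```python
import re

HIJACKER_DLLS = {"dolsp.dll", "aklsp.dll"}  # names from the post above

# Constructed sample in the layout of `netsh winsock show catalog` (assumed input).
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Provider Path:                      C:\WINDOWS\system32\dolsp.dll
Catalog ID:                         1017

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog ID:                         1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Provider Path:                      C:\WINDOWS\System32\AKLSP.DLL
Catalog ID:                         1018
"""

def parse_catalog(text):
    """Split the catalog dump into one dict of fields per provider entry."""
    entries = []
    for block in re.split(r"(?m)^Winsock Catalog Provider Entry\s*$", text):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        if "Provider Path" in fields:
            entries.append(fields)
    return entries

def find_hijackers(entries, bad_names=HIJACKER_DLLS):
    """Return (catalog id, entry type, path) for entries using a listed DLL."""
    hits = []
    for e in entries:
        # Compare the file name only: paths vary in case and directory.
        name = e["Provider Path"].rsplit("\\", 1)[-1].lower()
        if name in bad_names:
            hits.append((e.get("Catalog ID"), e.get("Entry Type"), e["Provider Path"]))
    return hits

if __name__ == "__main__":
    print(find_hijackers(parse_catalog(SAMPLE)))
```

Running the same check again after the restart shows whether any catalog entry still references either DLL before the files are deleted.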

  2. Hi bluzdude,

    Close any programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

  3. You have the latest version of VX2. Download L2mfix from one of these two locations:

    http://www.atribune.org/downloads/l2mfix.exe

    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

  4. Hi Jasonp,

    Step 1

    1. Download and Install Spybot S&D, accepting the Default Settings

    2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

    3. Close ALL windows except Spybot S&D

    4. Click the button to ‘Search for Updates’ then download and install the Updates.

    5. Next click the button ‘Check for Problems’

    6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries, and ‘GREEN’ entries in the window.

    7. Make certain there is a check mark beside all of the RED entries ONLY.

    8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

    9. REBOOT to complete the scan and clear memory.

    Step 2

    1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

    2. Close ALL windows except Ad-Aware SE.

    3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

    4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

    1) In the ‘General’ window make sure the following are selected in green:

    *Automatically save log-file

    *Automatically quarantine objects prior to removal

    *Safe Mode (always request confirmation)

    Under Definitions:

    *Prompt to update outdated definitions - set the number of days

    2) Click on the ‘Scanning’ button on the left and select in green:

    Under Driver, Folders & Files:

    *Scan Within Archives

    Under Select drives & folders to scan -

    *choose all hard drives

    Under Memory & Registry: all green

    *Scan Active Processes

    *Scan Registry

    *Deep Scan Registry

    *Scan my IE favorites for banned URL’s

    *Scan my Hosts file

    3) Click on the ‘Advanced’ button on the left and select in green:

    Under Shell Integration:

    *Move deleted files to recycle bin

    Under Logfile Detail Level: (all green)

    *include additional object information

    *DESELECT - include negligible objects information

    *include environment information

    Under Alternate Data Streams:

    *Don't log streams smaller than 0 bytes

    *Don't log ADS with the following names: CA_INOCULATEIT

    4) Click the ‘Tweak’ button and select in green:

    Under ‘Scanning Engine’:

    *Unload recognized processes during scanning

    *Scan registry for all users instead of current user only

    Under ‘Cleaning Engine’:

    *Let Windows remove files in use at next reboot

    Under Log Files:

    *Include basic Ad-aware SE settings in logfile

    *Include additional Ad-aware SE settings in logfile

    *Please do not check: Include Module list in logfile

    5. Click on ‘Proceed’ to save the settings.

    6. Click ‘Start’

    *Choose: 'Perform Full System Scan'

    *DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

    7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

    8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

    9. Save the log file when it asks and then click ‘finish’

    10. REBOOT to complete the removal of what Ad-Aware SE found.

    Step 3

    Then, reboot and post a new log in this thread.

  5. Quoted from Microsoft's Security Bulletin MS04-011:

    Affected Software:

    Microsoft Windows NT® Workstation 4.0 Service Pack 6a – Download the update

    Microsoft Windows NT Server 4.0 Service Pack 6a – Download the update

    Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – Download the update

    Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4 – Download the update

    Microsoft Windows XP and Microsoft Windows XP Service Pack 1 – Download the update

    Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update

    Microsoft Windows XP 64-Bit Edition Version 2003 – Download the update

    Microsoft Windows Server™ 2003 – Download the update

    Microsoft Windows Server 2003 64-Bit Edition – Download the update

    Microsoft NetMeeting

    Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

    I think you should ignore those popups. The Windows LSASS vulnerability is not a problem with Windows XP SP2. :D

  6. You can leave it alone. Your log is clean. The Windows LSASS vulnerability is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail here.

    Running Windows Update should install this critical update and hopefully stop those popups.

    TJ

  7. Hi bar5,

    Open Hijack This!, run a scan and check these items:

    The following item is a restriction to your computer. If you did not set this entry with Spybot or another protection program, or if your administrator did not set it, then check this item.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked.

    Apart from that entry, your log looks clean.

    TJ

  8. Your log looks clean.

    I moved this topic because the problem isn't malware related anymore.

    When did this problem start happening? What did you install before the problem started? Is this the only thing that is taking a while to load? How long is it taking? Do you have the latest drivers for your graphics card installed?

    TJ

  9. Hi dsell,

    I noticed you have Ad-watch enabled. You should temporarily disable it as it could interfere while fixing items in Hijack This!. To disable ad-watch:

    1. Right-click on its icon in the taskbar.

    2. Select Unload Ad-watch.

    3. Then, go to Ad-Watch Settings and uncheck Load Ad-Watch on Windows start up.

    I also noticed that you are running Microsoft Anti-Spyware and you should also temporarily disable it because it may also interfere while fixing items. To disable Microsoft Anti-Spyware:

    1. Right click on its icon in the taskbar.

    2. Click Shutdown Microsoft AntiSpyware.

    Then, open Hijack This!, run a scan and check these items:

    The following item is a restriction to your computer. If you did not set this entry with Spybot or another protection program, or if your administrator did not set it, then check this item.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked.

    Then, reboot and post a new log in this thread. Also in your reply, post your computer specifications (RAM, HD Space etc.).

  10. 1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

    2. Close ALL windows except Ad-Aware SE.

    3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

    4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

    1) In the ‘General’ window make sure the following are selected in green:

    *Automatically save log-file

    *Automatically quarantine objects prior to removal

    *Safe Mode (always request confirmation)

    Under Definitions:

    *Prompt to update outdated definitions - set the number of days

    2) Click on the ‘Scanning’ button on the left and select in green:

    Under Driver, Folders & Files:

    *Scan Within Archives

    Under Select drives & folders to scan -

    *choose all hard drives

    Under Memory & Registry: all green

    *Scan Active Processes

    *Scan Registry

    *Deep Scan Registry

    *Scan my IE favorites for banned URL’s

    *Scan my Hosts file

    3) Click on the ‘Advanced’ button on the left and select in green:

    Under Shell Integration:

    *Move deleted files to recycle bin

    Under Logfile Detail Level: (all green)

    *include additional object information

    *DESELECT - include negligible objects information

    *include environment information

    Under Alternate Data Streams:

    *Don't log streams smaller than 0 bytes

    *Don't log ADS with the following names: CA_INOCULATEIT

    4) Click the ‘Tweak’ button and select in green:

    Under ‘Scanning Engine’:

    *Unload recognized processes during scanning

    *Scan registry for all users instead of current user only

    Under ‘Cleaning Engine’:

    *Let Windows remove files in use at next reboot

    Under Log Files:

    *Include basic Ad-aware SE settings in logfile

    *Include additional Ad-aware SE settings in logfile

    *Please do not check: Include Module list in logfile

    5. Click on ‘Proceed’ to save the settings.

    6. Click ‘Start’

    *Choose: 'Perform Full System Scan'

    *DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

    7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

    8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window. Right-click in that pane and choose "select all".

    9. Save the log file when it asks and then click ‘finish’

    10. REBOOT to complete the removal of what Ad-Aware SE found.

  11. 1. Download and Install Spybot S&D, accepting the Default Settings.

    2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make sure that 'default mode' has a check mark beside it.

    3. Close ALL windows except Spybot S&D.

    4. Click on ‘Search for Updates’ then download and install all available updates.

    5. Next click on ‘Check for Problems’.

    6. When the scan is complete, it will be showing RED entries, Black entries and GREEN entries in the window.

    7. Make sure there is a check mark beside all of the RED entries ONLY.

    8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

    9. REBOOT to complete the scan and clear memory.