Dan

Posts posted by Dan

  1. Hi,

    We have a couple of last steps to perform and then you're all set.

    First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    • CHECK the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Next, let's clean your restore points and set a new one:

    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

    1. Turn off System Restore.

    On the Desktop, right-click My Computer.

    Click Properties.

    Click the System Restore tab.

    Check Turn off System Restore.

    Click Apply, and then click OK.

    2. Restart your computer.

    3. Turn ON System Restore.

    On the Desktop, right-click My Computer.

    Click Properties.

    Click the System Restore tab.

    UN-Check Turn off System Restore.

    Click Apply, and then click OK.

    System Restore will now be active again.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

    • SpywareBlaster to help prevent spyware from installing in the first place.
    • SpywareGuard to catch and block spyware before it can execute.
    • IE-SpyAd to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    You should also have a good firewall. Here are 3 free ones available for personal use:

    and a good antivirus (these are also free for personal use):

    It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

    To keep your operating system up to date visit

    monthly. And to keep your system clean run these free malware scanners

    weekly, and be aware of what emails you open and websites you visit.

    To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

    Have a safe and happy computing day!

    dk :thumbsup:

  2. Hi,

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in Safe Mode open the VundoFix folder and double-click on KillVundo.bat
    • You will first be presented with a warning.
      It should look like this
      VundoFix V2.13 by Atri
      By using VundoFix you agree that you are doing so at your own risk
      Press enter to continue....
    • At this point press enter one time.
    • Next you will see:
      Type in the filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\tuspp.dll

    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
      Please type in the second filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\ppsut.*
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • The fix will run, then HijackThis will open.
    • In HijackThis, please place a check next to the following items and click FIX CHECKED:
      • O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\tuspp.dll
      • O20 - Winlogon Notify: tuspp - C:\WINDOWS\system32\tuspp.dll
    • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
    • Once your machine reboots please continue with the instructions below.

    Download and install CleanUp!

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

    Set the program up as follows:

    Click "Options..."

    Move the arrow down to "Custom CleanUp!"

    Put a check next to the following (Make sure nothing else is checked!):

    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users

    Click OK

    Press the CleanUp! button to start the program.

    It may ask you to reboot at the end, click NO.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

    dk

  3. Hi,

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:

    http://downloads.subratam.org/Fixwareout.exe

    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SHANED~1\LOCALS~1\Temp\se.dll/spage.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    O2 - BHO: (no name) - {6CFE85D3-C654-2F79-FA77-6D16801545BB} - C:\WINNT\system32\Z59JFLk0.dll

    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\dkslz.dll

    O4 - HKLM\..\Run: [RunDLL] C:\WINNT\system32\rund11.exe

    O4 - HKLM\..\Run: [PerformCl] C:\WINNT\system32\perfcl.exe

    O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile

    O4 - HKLM\..\Run: [dmehk.exe] C:\WINNT\system32\dmehk.exe

    O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F62805F4-8FB3-45C1-A275-87EBD4C1E533}: NameServer = 85.255.113.123,85.255.112.14

    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37

    O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37

    O21 - SSODL: qCmQLSyh - {6CFE85CD-C654-2F67-40F3-5C2A801545B8} - C:\WINNT\system32\mmrd.dll

    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT\system32\dcom_9.dll

    Click Fix Checked. Close HijackThis, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

    dk
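
Added example, not part of the original post: one way to confirm from the follow-up HijackThis log that nothing on the fix list survived. It compares CLSIDs, file paths and O17 NameServer addresses rather than whole lines, so an entry still matches if the registry key or DLL name around it changed. `FIX_LIST` holds entries from the post above; `NEW_LOG`, the `ExampleAV` entry, `renamed.dll` and `192.0.2.53` are constructed sample data, and the function names are illustrative.

```python
import re

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\s]+\.\w+')
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Five entries copied from the fix list in the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {6CFE85D3-C654-2F79-FA77-6D16801545BB} - C:\WINNT\system32\Z59JFLk0.dll
O4 - HKLM\..\Run: [RunDLL] C:\WINNT\system32\rund11.exe
O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT\system32\dcom_9.dll
"""

# Constructed follow-up log (not from the page) with three leftovers.
NEW_LOG = r"""
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,192.0.2.53
O2 - BHO: (no name) - {6CFE85D3-C654-2F79-FA77-6D16801545BB} - C:\WINNT\system32\renamed.dll
"""

def indicators(line):
    """Return the (kind, value) indicators found in one HijackThis entry."""
    m = ENTRY.match(line)
    if not m:
        return set()          # blank line or not a log entry
    section, body = m.groups()
    found = {("clsid", c.upper()) for c in CLSID.findall(body)}
    found |= {("file", p.lower()) for p in PATH.findall(body)}
    if section == "O17" and "NameServer" in body:
        # Only the value after "=" holds the DNS server addresses.
        found |= {("dns", ip) for ip in IPV4.findall(body.split("=", 1)[-1])}
    return found

def still_present(fix_list, new_log):
    """List new-log entries that share any indicator with the fix list."""
    wanted = set().union(*(indicators(l) for l in fix_list.splitlines()))
    hits = []
    for line in new_log.splitlines():
        shared = indicators(line) & wanted
        if shared:
            hits.append((line.strip(), sorted(shared)))
    return hits

if __name__ == "__main__":
    for entry, why in still_present(FIX_LIST, NEW_LOG):
        print(why, "<-", entry)
```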

  4. Ok... let's try this:

    Download http://www.atribune.org/downloads/csvun.zip, and unzip it to your desktop using WinZip or a similar program (If you don't have WinZip, just unzip them on another computer, and just copy the files over)

    After you have unzipped them, run csvun.bat.

    Now, please RIGHT-CLICK HERE to download Silent Runners.

    • Save it to the desktop.
    • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
    • You will receive a prompt:
      • Do you want to skip supplementary searches?
        click NO
    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here in your next post.

    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

    dk

  5. Ok, let's try it this way.

    Boot into Safe Mode, and click Start --> Run. Type "cmd" and press enter.

    In the command prompt, type: taskkill /f /im csvun.exe

    Now locate "C:\WINNT\system32\csvun.exe" and rename it csvun.old.

    Now do the instructions in the fix in my previous post.

    Good luck,

    dk
