-
Content Count
742 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by Dan
-
-
Hi,
We have a couple of last steps to perform and then you're all set.
First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
- CHECK the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
Next, let's clean your restore points and set a new one:
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
- SpywareBlaster to help prevent spyware from installing in the first place.
- SpywareGuard to catch and block spyware before it can execute.
- IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.
To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?
Have a safe and happy computing day!
dk
- Click Start.
-
Happy Birthday!!!!!
I suppose you're blim's son?
-
Hi,
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to extract the files
- This will create a VundoFix folder on your desktop.
- After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
- Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
- You will first be presented with a warning.
It should look like thisVundoFix V2.13 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue.... - At this point press enter one time.
- Next you will see:Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix. - At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system32\tuspp.dll
[*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
[*] Next you will see:
Please type in the second filepath as instructed by the forum staffThen Press Enter, Then F6, Then Enter Again to continue with the fix.
[*]At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system32\ppsut.*
[*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
[*]The fix will run then HijackThis will open.
[*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\tuspp.dll
O20 - Winlogon Notify: tuspp - C:\WINDOWS\system32\tuspp.dll
[*]After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
[*]Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
[*]Once your machine reboots please continue with the instructions below.
- C:\WINDOWS\system32\tuspp.dll
Download and install CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
dk
- Double-click VundoFix.exe to extract the files
-
Yeah...I was planning on just attaching random toothpicks in places, not reallly tightly, so that they fall off.
-
How in the heck can you do that 0_o
-
Yes...Good point
-
Wasn't this announced a while ago????
I use Sygate BTW
-
Good idea
-
Great Pics
-
Interesting Chappy....I am almost done building my first try one, and I'll post a pic soon,and I will use both of your ideas.
dk
-
Try fixwareout in normal mode. This may be the problem.
If you can't get into normal mode, download BFU.zip from http://dknoppix.com/downloads.php?dl=bfu, and unzip it into "C:\fixwareout".
Then try.
dk
-
In my newsletter
http://dknoppix.com/newsletter/twdknewsletter1.html
(Also, someone else told me about it in this thread )
-
Panda's a great firewall (Note: Don't run two AntiVirus programs by eachother!)
dk
-
Hmm...
Download This: http://homepage.ntlworld.com/spencer.greystrong/W2kFiles.exe and run it.
Now run fixwareout again, and post a new HijackThis log.
dk
-
Hi,
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SHANED~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {6CFE85D3-C654-2F79-FA77-6D16801545BB} - C:\WINNT\system32\Z59JFLk0.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\dkslz.dll
O4 - HKLM\..\Run: [RunDLL] C:\WINNT\system32\rund11.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINNT\system32\perfcl.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [dmehk.exe] C:\WINNT\system32\dmehk.exe
O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{F62805F4-8FB3-45C1-A275-87EBD4C1E533}: NameServer = 85.255.113.123,85.255.112.14
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O21 - SSODL: qCmQLSyh - {6CFE85CD-C654-2F67-40F3-5C2A801545B8} - C:\WINNT\system32\mmrd.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT\system32\dcom_9.dll
Click Fix Checked. Close HijackThis, and click OK to proceed.
At the end of the fix, you may need to restart your computer again.
Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
dk
-
Ok...lets try this:
Download http://www.atribune.org/downloads/csvun.zip, and unzip it to your desktop using Winzip or a simliar program (If you don't have winzip, just unzip them on another computer, and just copy the files over)
After you have unziped them, run csvun.bat.
Now, please RIGHT-CLICK HERE to download Silent Runner's.
- Save it to the desktop.
- Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
- You will receive a prompt:
- Do you want to skip supplementary searches?
click NO
[*]You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
[*]Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here in your next post.
- Do you want to skip supplementary searches?
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
dk
- Save it to the desktop.
-
Woah! nice!
How'd you get the camera up there? (Setting z?)
dk
-
a cute little piggy
-
woah..thats cool
How'd you make that lol
-
HAPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPY BIRTHDAYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY MANDYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY!!!!!!
Have a good one
dk
-
woah...how do you get the space effect? Is that a multicolored sun?
dk
-
Great resource
I'll bookmark it
-
Ok, lets try it this way.
Boot into Safe Mode, and click Start --> Run. Type "cmd" and press enter.
In the command prompt, type: taskkill /f csvun.exe
Now locate "C:\WINNT\system32\csvun.exe and rename it csvun.old.
Now do the instructions in the fix in my previous post.
Good luck,
dk
-
Hi,
We have a couple of last steps to perform and then you're all set.
First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
- CHECK the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
Next, let's clean your restore points and set a new one:
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
- SpywareBlaster to help prevent spyware from installing in the first place.
- SpywareGuard to catch and block spyware before it can execute.
- IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.
To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?
Have a safe and happy computing day!
dk
- Click Start.
Post Your Desktop?
in Graphic Design
Posted
I got one...i made this a few days ago....but was too lazy to post it.
http://dknoppix.com/Pictures/blue2.bmp
dk