Dan

Posts posted by Dan

  1. Hi,

    Let's see if you can get into Safe Mode again.

    When in there, press Ctrl-Alt-Delete to get into the task manager. Click the processes tab. Find the following process, click it, and select "End Process":

    csvun.exe

    Now, open HijackThis, click the scan button, and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SHANED~1\LOCALS~1\Temp\se.dll/spage.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    O2 - BHO: (no name) - {6CFE85D3-C654-2F79-FA77-6D16801545BB} - C:\WINNT\system32\Z59JFLk0.dll

    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\dkslz.dll

    O4 - HKLM\..\Run: [RunDLL] C:\WINNT\system32\rund11.exe

    O4 - HKLM\..\Run: [PerformCl] C:\WINNT\system32\perfcl.exe

    O4 - HKLM\..\Run: [icasServ] C:\WINNT\system32\icasServ.exe

    O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile

    O4 - HKLM\..\Run: [dmehk.exe] C:\WINNT\system32\dmehk.exe

    O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F62805F4-8FB3-45C1-A275-87EBD4C1E533}: NameServer = 85.255.113.123,85.255.112.14

    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37

    O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37

    O21 - SSODL: qCmQLSyh - {6CFE85CD-C654-2F67-40F3-5C2A801545B8} - C:\WINNT\system32\mmrd.dll

    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT\system32\dcom_9.dll

    Close all windows except HijackThis, and click the Fix Checked button.

    Locate the following files and delete them:

    C:\WINNT\system32\rund11.exe

    C:\WINNT\system32\perfcl.exe

    C:\WINNT\system32\icasServ.exe

    C:\WINNT\system32\popcorn72.exe

    C:\WINNT\system32\dmehk.exe

    C:\WINNT\system32\sysvcs.exe

    C:\WINNT\system32\mmrd.dll

    C:\WINNT\system32\dcom_9.dll

    Now, please RIGHT-CLICK HERE to download Silent Runners.

    • Save it to the desktop.
    • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
    • You will receive a prompt:
      • Do you want to skip supplementary searches?
        click NO
    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here in your next post.

    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

    Finally, Run HijackThis and post a new log, as well as your SilentRunners log.

    dk
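An added example, not part of Dan's post or of HijackThis itself: a small Python parser for the log-line format quoted in the post above. It groups entries by section code and pulls out the files referenced by O2/O3/O4/O21 entries and the O17 NameServer values, which are the fields a helper reviews before marking items. The sample input is a subset of lines copied from that post; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: a subset of the entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html
O2 - BHO: (no name) - {6CFE85D3-C654-2F79-FA77-6D16801545BB} - C:\WINNT\system32\Z59JFLk0.dll
O4 - HKLM\..\Run: [RunDLL] C:\WINNT\system32\rund11.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT\system32\dcom_9.dll
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O2/O3/O21 bodies end in "{CLSID} - <file path>"
CLSID_PATH = re.compile(r"\{[0-9A-Fa-f-]{36}\}\s+-\s+(.+)$")
# O4 bodies are "Run: [value name] <command line>"; keep only the program path
RUN_VALUE = re.compile(r"Run: \[[^\]]*\]\s+(.+?\.(?:exe|dll))\b", re.I)

def parse_log(text):
    """Group entries by section code; collect referenced files and DNS servers."""
    report = {"entries": defaultdict(list), "files": set(), "dns": set()}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines and prose between entries
        code, body = m.groups()
        report["entries"][code].append(body)
        if code in ("O2", "O3", "O21"):
            p = CLSID_PATH.search(body)
            if p:
                report["files"].add(p.group(1).strip())
        elif code == "O4":
            r = RUN_VALUE.search(body)
            if r:
                report["files"].add(r.group(1))
        elif code == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1]
            report["dns"].update(s.strip() for s in servers.split(",") if s.strip())
    return report

if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    for code in sorted(rep["entries"]):
        print(code, len(rep["entries"][code]), "entries")
    print("files referenced by autostart/BHO entries:", sorted(rep["files"]))
    print("DNS servers set via O17:", sorted(rep["dns"]))
```
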

  2. Hi,

    Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

    You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

    Download about:buster by RubbeRDuckY Here.

    Download CWShredder Here.

    Download SpSeHjfix Here.

    Download and install CleanUp! Here

    Save all of these files somewhere you will remember, like the Desktop.

    Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix)

    Run the CleanUp! installer. You don't need to do anything with it right now.

    Update About:Buster

    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
    • Now close About:Buster

    Update CWShredder

    • Open CWShredder and click I AGREE
    • Click Check For Update
    • Close CWShredder

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please run about:buster by RubbeRDuckY:

    • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
    • Click Yes to allow it to shutdown explorer.exe.
    • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
    • Reboot your computer into safe mode again

    Run about:buster again following the same instructions as above, this time without the restart at the end.

    Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

    Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

    Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal Windows.

    Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

    After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

    dk

  3. Hi,

    Please open HijackThis and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB

    Close all windows except HijackThis, and click the "Fix Checked" button.

    Reboot and post a new log.

    dk

    Is there any way to make a program in C++ that can save data to a disk (like an ini file) and read information?

    Ex.

    A wrestling program.

    Select option: (1 for edit, 2 for new, 3 for delete) 1

    then comes up all of his points for the year.

    Is this possible?

    dk

  5. Hi,

    We have a couple of last steps to perform and then you're all set.

    First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    • CHECK the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Next, let's clean your restore points and set a new one:

    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

    1. Turn off System Restore.

    On the Desktop, right-click My Computer.

    Click Properties.

    Click the System Restore tab.

    Check Turn off System Restore.

    Click Apply, and then click OK.

    2. Restart your computer.

    3. Turn ON System Restore.

    On the Desktop, right-click My Computer.

    Click Properties.

    Click the System Restore tab.

    UN-Check Turn off System Restore.

    Click Apply, and then click OK.

    System Restore will now be active again.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

    • SpywareBlaster to help prevent spyware from installing in the first place.
    • SpywareGuard to catch and block spyware before it can execute.
    • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    You should also have a good firewall. Here are 3 free ones available for personal use:

    and a good antivirus (these are also free for personal use):

    It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

    To keep your operating system up to date visit

    monthly. And to keep your system clean run these free malware scanners

    weekly, and be aware of what emails you open and websites you visit.

    To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

    Have a safe and happy computing day!

    dk

  6. Hi,

    You are currently running HijackThis from your desktop.

    Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted.

    To make a new folder:

    Go to "My Computer", click on C:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or something like that and then please move the HijackThis.exe executable there.

    Please run HijackThis and click "Scan." Place checks next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.joyiex.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.joyiex.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.joyiex.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.joyiex.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.joyiex.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.joyiex.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.joyiex.com

    O4 - HKCU\..\Run: [ctfnom.exe] C:\WINNT\SVOHOST.exe

    If you or your administrator did not put this restriction on Control Panel, also check this item. These restrictions can also be set by software like Spybot Search & Destroy, SpywareBlaster or another similar protection software:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Close all windows except HijackThis, and click the "Fix Checked" button.

    Locate the following file and delete it:

    C:\WINNT\SVOHOST.exe

    Reboot and post a new log.

    dk

  7. Hi,

    You are currently running HijackThis from a temporary folder.

    Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted.

    To make a new folder:

    Go to "My Computer", click on C:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or something like that and then please move the HijackThis.exe executable there.

    Now, open HijackThis, click the 'Scan' button, and check the following items:

    O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)

    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

    O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

    O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futuremark.com/global/msc37.cab

    Close all windows except HijackThis, and click the 'Fix Checked' Button.

    Locate the following file and delete it:

    C:\WINDOWS\system32\taskswitch.exe

    Reboot, and post a new log.

    dk

  8. Let's see..No covering it in glue, and wooden toothpicks and we can only use large eggs....Any other questions?

    Maybe some more ideas?

    Vile, do you have AIM?

    dk

  9. 139 People + 6 crew trapped on a plane.. The front wheel was stuck 90 degrees to the right....Time to make a touchdown landing....WHAT WOULD YOU DO??

    This is a very scary event, for the crew as well as the passengers. As the pilot; what do you do? How do I land? What if I survive and everyone else is dead? As the passenger; OMFG /me takes out cell phone, Mom...I'm about to die!!!!!!!!! HOLY S*IT!!!!!!!!

    Let's just be thankful that the plane touched down without any problems -- no -- even gracefully, with a messed up wheel.

    dk