-
Content Count
742 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by Dan
-
-
Hmm....I'll need to talk to someone about this......
For now, try the other steps......
dk
-
Yeah...but I can access it in IE but not Firefox..heh
-
er...Sorry, my mistake...
Sorry about the delay..
----
Hi,
Please read through the instructions before you start (you may want to print this out).
Please download and install these programs - don't run them yet!!
Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.
Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.
Download and unzip cwsserviceremove to your desktop. use either link below:
http://computercops.biz/modules.php?name=Forums&file=download&id=3002[/url
http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip
Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWSshtreder.exe
For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
Remote Procedure Call (RPC) Helper
2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!
If you find the files, click on them, and then click End Process => Exit the Task Manager.
4. CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {BC0FF74A-7E39-79D3-0B70-06EC5F199D5F} - C:\WINDOWS\netfh32.dll
O4 - HKLM\..\Run: [os2T3ni] wldtml.exe
O4 - HKLM\..\Run: [ntkw32.exe] C:\WINDOWS\system32\ntkw32.exe
O4 - HKCU\..\Run: [ZBt3RhGFU] lffmgr10.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
5. Delete the following files if present:
C:\WINDOWS\system32\ntkw32.exe
Press Start --> Find. Find the following files and delete them:
7. Scan with AdAware and let it remove any bad files found.
9. Double click on the cwsserviceremove and when asked to merge say yes.
10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.
12. Download the Hoster from here http://members.aol.com/toadbee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.
13. Download and run this online virus scan:
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you check "AutoClean"
Then reboot and post a fresh Hijack This log as well as an About:Buster log to see how we did.
-
Hmm...I tried in IE and it worked...I cleared out Cache, cookies, and history...At least the first page loaded..heh..
-
Hi, (Some of the steps we did cover already, and if you have the programs here, remember to update them)
Please read through the instructions before you start (you may want to print this out).
Please download and install these programs - don't run them yet!!
Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.
Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.
Download and unzip cwsserviceremove to your desktop. use either link below:
http://computercops.biz/modules.php?name=Forums&file=download&id=3002[/url
http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip
Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWSshtreder.exe
For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
Network Security Service (NSS)
2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!
If you find the files, click on them, and then click End Process => Exit the Task Manager.
4. Scan with Hijack This and put checks next to all the following:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINNT\gds.dll
O2 - BHO: Class - {A146D46A-42B6-1948-7D09-20744CC5FFB1} - C:\WINNT\javarm.dll
O2 - BHO: Class - {D8DFD538-D915-DA42-82AD-9910D5D6D43B} - C:\WINNT\system32\netyw32.dll
O4 - HKLM\..\Run: [crvg.exe] C:\WINNT\crvg.exe
Close all windows except HijackThis, and click the "Fix Checked" button.
5. Next, delete the following files if present:
7. Scan with AdAware and let it remove any bad files found.
9. Double click on the cwsserviceremove and when asked to merge say yes.
10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.
12. Download the Hoster from here http://members.aol.com/toadbee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.
13. Download and run this online virus scan:
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you check "AutoClean"
then reboot and post a fresh Hijack This log to see how we did.
-
Hey everyone.
Gmail has been DOWN for me for the past two days.....
Anyone know anything bout this?
dk
-
Ok,
Here's what I want you to do...
Please run CWShredder, and about:buster again, and post a new HijackThis log, as well as a new HijackThis log.
dk
-
Also, it seems that one form of your infection is gone O_o
-
Hi,
That was error on me..I will have a fix in around 5 min..
-
Hi,
Please read through the instructions before you start (you may want to print this out).
Please download and install these programs - don't run them yet!!
Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.
Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.
Download and unzip cwsserviceremove to your desktop. use either link below:
http://computercops.biz/modules.php?name=Forums&file=download&id=3002[/url
http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip
Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWSshtreder.exe
For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!
If you find the files, click on them, and then click End Process => Exit the Task Manager.
4. CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"
5. Delete the following files if present:
7. Scan with AdAware and let it remove any bad files found.
9. Double click on the cwsserviceremove and when asked to merge say yes.
10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.
12. Download the Hoster from here Press "Restore Original Hosts" and press "OK". Exit Program.
13. Download and run this online virus scan:
Make sure you check "AutoClean"
Then reboot and post a fresh Hijack This log as well as another about:buster log to see how we did.
-
Hi,
Please download Intermute's CWShredder from here:
http://cwshredder.net/bin/CWShredder.exe
Save it to the desktop and run it, and click "Fix" to remove the CWS infection.
Then please download About:Buster from here:
http://www.downloads.subratam.org/AboutBuster.zip
Unzip the files to a convenient location such as C:\AboutBuster, and run AboutBuster.exe.
Read the instructions then click OK to proceed.
Click "Check for Updates", and then "Download Updates" to update About:Buster to the newest version.
Then click Start to begin the scan.
If prompted to end the Explorer.exe process, click Yes.
Your desktop may disappear --- this is normal.
Allow the program to scan twice, and when complete click "Save Log".
This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved.
Restart.
Post the entire contents of that logfile here for me, as well as a new HijackThis log.
dk
-
Hi,
Please read through the instructions before you start (you may want to print this out).
Please download and install these programs - don't run them yet!!
Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.
Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.
Download and unzip cwsserviceremove to your desktop. use either link below:
http://computercops.biz/modules.php?name=Forums&file=download&id=3002[/url
http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip
Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWSshtreder.exe
For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.
+++++++++++++++++++++++++++++++++++++++++++++++++
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!
If you find the files, click on them, and then click End Process => Exit the Task Manager.
4. CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"
5. Delete the following files if present:
7. Scan with AdAware and let it remove any bad files found.
9. Double click on the cwsserviceremove and when asked to merge say yes.
10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.
12. Download the Hoster from here Press "Restore Original Hosts" and press "OK". Exit Program.
13. Download and run this online virus scan:
Make sure you check "AutoClean"
then reboot and post a fresh Hijack This log to see how we did.
-
I don't get it...
-
Hi,
McAffee virus scan indicated that I have infected files, explorer.exe and kernel32.dll. They cannot be removed nor deleted by it. Any idea what I should do?Is there anyway to get HijackThis onto your home computer???
This may be a serious infection, so if Mcafee asks you to delete explorer.exe or kernel32.dll DO NOT DO SO. This may cause your computer to take serious damage.
Please scan with HijackThis, and try to transfer a log using a CD, or floppy onto your backup computer, and post it here. We may need to do alot of transfering, so please be aware of that.
Thanks,
dk
-
Hello brett5150,
If you would like to become part of the HijackThis Team, please PM Besttechie,
giving him your credentials, etc.
For now you are NOT authorized to post to HijackThis logs.
Thank you,
dk
-
LOL
Good one!
-
hehe
-
Any idea how to set up dialup on Ubuntu?
dk
-
nit must have access to house outlet jack (110V) to supply power to the Quantum Sleeper Unit and may be run separately through the floor directly to the unit.
Also, don't you think that it should have its own power supply?
If a terrorist dude comes in, and unplugs it, they're screwed.
-
heh...How do you breathe?
-
For links....I copy the link, go to manage favorites in Firefox, then save it.
Then I just go to it, right click it, and select properties and copy/paste the link.
-
Hi,
Open HJT, click the 'Scan' button, and check the following items:
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
If you are not using weatherbug, check this as well.
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
Reboot and post a new log.
dk
-
Happy Birthday!!!!!!!!!!!!!!!!!!!!!!!
Edited some of the !!!! to eliminate page scroll
Dave - Besttechie Moderator
-
Or, you can paste the link..
Help Me!~~ >.<
in Malware Removal
Posted
Hi,
Just wanted to let you know, that I am away for the weekend, and probably will get you an answer tomorrow morning.
dk