Dan

Posts posted by Dan

  1. er...Sorry, my mistake... :blink:

    Sorry about the delay..

    ----

    Hi,

    Please read through the instructions before you start (you may want to print this out).

    Please download and install these programs - don't run them yet!!

    Please download and unzip

    About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.

    AboutBuster MUST be updated before you use it.

    Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

    Please download and install AD-Aware.

    Check Here on how to set up and use it - please make sure you update it first.

    Download and unzip cwsserviceremove to your desktop. Use either link below:

    http://computercops.biz/modules.php?name=Forums&file=download&id=3002

    http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip

    Download CW-Shredder at the link below:

    http://cwshredder.net/bin/CWSshtreder.exe

    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

    Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"

    Click "Apply" then "OK"

    For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

    Important Step

    1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok

    Scroll down and find the service called:

    Remote Procedure Call (RPC) Helper

    When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

    2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

    3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

    ntkw32.exe

    apigf.exe

    If you find the files, click on them, and then click End Process => Exit the Task Manager.

    4. CLOSE ALL WINDOWS AND BROWSERS. Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {BC0FF74A-7E39-79D3-0B70-06EC5F199D5F} - C:\WINDOWS\netfh32.dll

    O4 - HKLM\..\Run: [os2T3ni] wldtml.exe

    O4 - HKLM\..\Run: [ntkw32.exe] C:\WINDOWS\system32\ntkw32.exe

    O4 - HKCU\..\Run: [ZBt3RhGFU] lffmgr10.exe

    O15 - Trusted Zone: *.awmdabest.com

    O15 - Trusted Zone: *.awmdabest.com (HKLM)

    O15 - Trusted IP range: 206.161.125.149

    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigf.exe" /s (file missing)

    5. Delete the following files if present:

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

    C:\WINDOWS\system32\apigf.exe

    C:\WINDOWS\system32\ntkw32.exe

    (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

    Press Start --> Find. Find the following files and delete them:

    wldtml.exe

    lffmgr10.exe

    6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    7. Scan with AdAware and let it remove any bad files found.

    8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

    Temporary Files

    Temporary Internet Files

    Recycle Bin

    9. Double click on the cwsserviceremove and when asked to merge say yes.

    10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    11. Reboot into normal mode.

    12. Download the Hoster from here http://members.aol.com/toadbee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.

    13. Download and run this online virus scan:

    http://housecall.trendmicro.com/housecall/start_corp.asp

    Make sure you check "AutoClean"

    Then reboot and post a fresh Hijack This log as well as an About:Buster log to see how we did.

    dk

  2. Hi, (Some of the steps we did cover already, and if you have the programs here, remember to update them)

    Please read through the instructions before you start (you may want to print this out).

    Please download and install these programs - don't run them yet!!

    Please download and unzip

    About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.

    AboutBuster MUST be updated before you use it.

    Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

    Please download and install AD-Aware.

    Check Here on how to set up and use it - please make sure you update it first.

    Download and unzip cwsserviceremove to your desktop. Use either link below:

    http://computercops.biz/modules.php?name=Forums&file=download&id=3002

    http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip

    Download CW-Shredder at the link below:

    http://cwshredder.net/bin/CWSshtreder.exe

    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

    Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"

    Click "Apply" then "OK"

    For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

    Important Step

    1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok

    Scroll down and find the service called:

    Network Security Service (NSS)

    When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

    2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

    3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

    crmd32.exe

    crvg.exe

    If you find the files, click on them, and then click End Process => Exit the Task Manager.

    4. Scan with Hijack This and put checks next to all the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ptisf.dll/sp.html#12047

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047

    R3 - Default URLSearchHook is missing

    O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINNT\gds.dll

    O2 - BHO: Class - {A146D46A-42B6-1948-7D09-20744CC5FFB1} - C:\WINNT\javarm.dll

    O2 - BHO: Class - {D8DFD538-D915-DA42-82AD-9910D5D6D43B} - C:\WINNT\system32\netyw32.dll

    O4 - HKLM\..\Run: [crvg.exe] C:\WINNT\crvg.exe

    O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\crmd32.exe" /s (file missing)

    Close all windows except HijackThis, and click the "Fix Checked" button.

    5. Next, delete the following files if present:

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

    C:\WINNT\system32\crmd32.exe

    C:\WINNT\crvg.exe

    (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

    6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    7. Scan with AdAware and let it remove any bad files found.

    8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

    Temporary Files

    Temporary Internet Files

    Recycle Bin

    9. Double click on the cwsserviceremove and when asked to merge say yes.

    10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    11. Reboot into normal mode.

    12. Download the Hoster from here http://members.aol.com/toadbee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.

    13. Download and run this online virus scan:

    http://housecall.trendmicro.com/housecall/start_corp.asp

    Make sure you check "AutoClean"

    then reboot and post a fresh Hijack This log to see how we did.

    dk
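Added example, not part of Dan's posts and not HijackThis's own code: a small triage script for the kind of HijackThis entries listed in the two fix lists above. It groups lines by section code and pulls out the file each flagged entry points at. The flagging rules and function names are assumptions made for this illustration, and the sample lines are adapted from the first list (the header line is constructed and the service's garbled internal name is shortened).

```python
import re

# HijackThis section codes that appear in the fix lists above.
SECTIONS = {
    "R0": "IE start/search value", "R1": "IE search/default URL value",
    "R3": "URLSearchHook", "O2": "Browser Helper Object",
    "O4": "Run-key autostart", "O15": "Trusted Zone / ProtocolDefaults",
    "O16": "Downloaded Program Files", "O23": "Windows service",
}

LINE_RE = re.compile(r"^\s*([RO]\d{1,2})\s+-\s+(.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:exe|dll)', re.IGNORECASE)
RUN_RE = re.compile(r"Run:\s*\[(.*?)\]\s*(.+)$")

# Sample input adapted from the first post's list (see lead-in).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dqiet.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [os2T3ni] wldtml.exe
O4 - HKLM\..\Run: [ntkw32.exe] C:\WINDOWS\system32\ntkw32.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: Remote Procedure Call (RPC) Helper (x) - Unknown owner - C:\WINDOWS\system32\apigf.exe" /s (file missing)
"""


def triage(line):
    """Parse one log line; return None if it is not an R*/O* entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.group(1), m.group(2).strip()
    finding = {"code": code, "section": SECTIONS.get(code, "unknown"),
               "file": None, "reasons": []}
    path = PATH_RE.search(body)
    if path:
        finding["file"] = path.group(0)
    # Assumed heuristics below; they prioritise lines, they do not decide them.
    if code in ("R0", "R1") and "res://" in body.lower():
        finding["reasons"].append("IE value is served from a local DLL via res://")
    if code == "O4":
        run = RUN_RE.search(body)
        if run and "\\" not in run.group(2):
            finding["file"] = run.group(2).strip()
            finding["reasons"].append("autostart gives a bare file name, no path")
    if code == "O15" and "My Computer Zone" in body:
        finding["reasons"].append("protocol default moved to My Computer Zone")
    if code == "O23":
        if "Unknown owner" in body:
            finding["reasons"].append("service binary has no identifiable owner")
        if body.endswith("(file missing)"):
            finding["reasons"].append("service entry remains but its file is gone")
    return finding


def flagged(log_text):
    """All entries in the log that matched at least one heuristic."""
    parsed = (triage(line) for line in log_text.splitlines())
    return [f for f in parsed if f and f["reasons"]]


def files_to_examine(log_text):
    """Distinct files referenced by flagged entries, sorted."""
    return sorted({f["file"] for f in flagged(log_text) if f["file"]})


if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f["code"], f["section"], f["file"], "; ".join(f["reasons"]))
```

The `ntkw32.exe` Run entry is on the fix list above but matches none of these heuristics, so a script like this only orders the log for review; the per-line decision still rests with the person reading it.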

  3. Hi,

    Please read through the instructions before you start (you may want to print this out).

    Please download and install these programs - don't run them yet!!

    Please download and unzip

    About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.

    AboutBuster MUST be updated before you use it.

    Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

    Please download and install AD-Aware.

    Check Here on how to set up and use it - please make sure you update it first.

    Download and unzip cwsserviceremove to your desktop. Use either link below:

    http://computercops.biz/modules.php?name=Forums&file=download&id=3002

    http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip

    Download CW-Shredder at the link below:

    http://cwshredder.net/bin/CWSshtreder.exe

    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

    Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"

    Click "Apply" then "OK"

    For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

    Important Step

    1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok

    Scroll down and find the service called:

    PLACE SERVICE FILE HERE

    When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

    2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

    3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

    PROCESSES TO BE STOPPED

    If you find the files, click on them, and then click End Process => Exit the Task Manager.

    4. CLOSE ALL WINDOWS AND BROWSERS. Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

    HJT FIXES HERE

    5. Delete the following files if present:

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

    FILE DELETIONS HERE

    (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

    6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    7. Scan with AdAware and let it remove any bad files found.

    8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

    Temporary Files

    Temporary Internet Files

    Recycle Bin

    9. Double click on the cwsserviceremove and when asked to merge say yes.

    10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    11. Reboot into normal mode.

    12. Download the Hoster from here Press "Restore Original Hosts" and press "OK". Exit Program.

    13. Download and run this online virus scan:

    Make sure you check "AutoClean"

    Then reboot and post a fresh Hijack This log as well as another about:buster log to see how we did.

  4. Hi,

    Please download Intermute's CWShredder from here:

    http://cwshredder.net/bin/CWShredder.exe

    Save it to the desktop and run it, and click "Fix" to remove the CWS infection.

    Then please download About:Buster from here:

    http://www.downloads.subratam.org/AboutBuster.zip

    Unzip the files to a convenient location such as C:\AboutBuster, and run AboutBuster.exe.

    Read the instructions then click OK to proceed.

    Click "Check for Updates", and then "Download Updates" to update About:Buster to the newest version.

    Then click Start to begin the scan.

    If prompted to end the Explorer.exe process, click Yes.

    Your desktop may disappear --- this is normal.

    Allow the program to scan twice, and when complete click "Save Log".

    This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved.

    Restart.

    Post the entire contents of that logfile here for me, as well as a new HijackThis log.

    dk

  5. Hi,

    Please read through the instructions before you start (you may want to print this out).

    Please download and install these programs - don't run them yet!!

    Please download and unzip

    About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.

    AboutBuster MUST be updated before you use it.

    Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

    Please download and install AD-Aware.

    Check Here on how to set up and use it - please make sure you update it first.

    Download and unzip cwsserviceremove to your desktop. Use either link below:

    http://computercops.biz/modules.php?name=Forums&file=download&id=3002

    http://www.mytechsupport.ca/helpwithpcs/up...rviceremove.zip

    Download CW-Shredder at the link below:

    http://cwshredder.net/bin/CWSshtreder.exe

    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

    Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"

    Click "Apply" then "OK"

    For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigham.zen.co.uk/downloads/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

    +++++++++++++++++++++++++++++++++++++++++++++++++

    Here's the fix:

    Important Step

    1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok

    Scroll down and find the service called:

    PLACE SERVICE FILE HERE

    When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

    2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

    3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

    PROCESSES TO BE STOPPED

    If you find the files, click on them, and then click End Process => Exit the Task Manager.

    4. CLOSE ALL WINDOWS AND BROWSERS. Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

    HJT FIXES HERE

    5. Delete the following files if present:

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

    FILE DELETIONS HERE

    (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

    6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    7. Scan with AdAware and let it remove any bad files found.

    8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

    Temporary Files

    Temporary Internet Files

    Recycle Bin

    9. Double click on the cwsserviceremove and when asked to merge say yes.

    10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    11. Reboot into normal mode.

    12. Download the Hoster from here Press "Restore Original Hosts" and press "OK". Exit Program.

    13. Download and run this online virus scan:

    Make sure you check "AutoClean"

    then reboot and post a fresh Hijack This log to see how we did.

  6. Hi,

    McAfee virus scan indicated that I have infected files, explorer.exe and kernel32.dll. They cannot be removed nor deleted by it. Any idea what I should do?

    Is there any way to get HijackThis onto your home computer???

    This may be a serious infection, so if McAfee asks you to delete explorer.exe or kernel32.dll DO NOT DO SO. This may cause your computer to take serious damage.

    Please scan with HijackThis, and try to transfer a log using a CD, or floppy onto your backup computer, and post it here. We may need to do a lot of transferring, so please be aware of that.

    Thanks,

    dk

  7. nit must have access to house outlet jack (110V) to supply power to the Quantum Sleeper Unit and may be run separately through the floor directly to the unit.

    Also, don't you think that it should have its own power supply?

    If a terrorist dude comes in, and unplugs it, they're screwed.